CVE-2009-4429 – Drupal Module Sections - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-4429

28 Dec 2009 — Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Sections v5.x anteriores a v5.x-1.3 y v6.x anteriores a v6.x-1.3 para Drupal permite a usuarios autenticados remotamente con privilegios de "administrar secciones" ... • https://www.exploit-db.com/exploits/10485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •