CVE-2009-0603

Name of the Vulnerable Software and Affected Versions Drupal Link module version 5.x-2.5 for Drupal 5.10

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with 'administer content types' privileges to inject arbitrary web script or HTML via the description parameter, also known as the Help field.

Recommendations For Drupal Link module version 5.x-2.5, avoid using the description parameter in the index.php file until a fix is available. As a temporary workaround, consider restricting access to the Link module for users with 'administer content types' privileges to minimize the risk of exploitation.