CVE-2009-4370

Name of the Vulnerable Software and Affected Versions Drupal Core versions prior to 6.15

Description A cross-site scripting (XSS) issue exists due to improper handling of menu descriptions in the menu administration overview. This allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description.

Recommendations For versions prior to 6.15, update to version 6.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the menu administration overview to minimize the risk of exploitation. Avoid using the menu description field in the affected module until the issue is resolved.