Drupal · Browscap · CVE-2009-3651
**Name of the Vulnerable Software and Affected Versions**
Browscap versions prior to 5.x-1.1
Browscap versions prior to 6.x-1.1
**Description**
A cross-site scripting (XSS) issue exists in the Monitor browsers' feature of the Browscap module for Drupal. This issue allows remote attackers to inject arbitrary web script or HTML via the `User-Agent` HTTP header.
**Recommendations**
For Browscap versions prior to 5.x-1.1, update to version 5.x-1.1 or later.
For Browscap versions prior to 6.x-1.1, update to version 6.x-1.1 or later.