Drupal · Drupal Biblio Module · CVE-2010-1358
**Name of the Vulnerable Software and Affected Versions**
Drupal Biblio module versions 5.x through 5.x-1.17
Drupal Biblio module versions 6.x through 6.x-1.9
**Description**
A cross-site scripting (XSS) issue exists, allowing remote authenticated users with "administer biblio" privileges to inject arbitrary web script or HTML. This can be achieved via unspecified vectors.
**Recommendations**
For versions 5.x through 5.x-1.17, update to a version later than 5.x-1.17 to resolve the issue.
For versions 6.x through 6.x-1.9, update to a version later than 6.x-1.9 to resolve the issue.