CVE-2009-3156

Name of the Vulnerable Software and Affected Versions: Drupal Date module versions prior to 6.x-2.3

Description: A cross-site scripting (XSS) issue exists in the Date Tools sub-module of the Date module, allowing remote authenticated users with specific privileges to inject arbitrary web script or HTML via a "Content type label" field. This can be exploited by users with "use date tools" or "administer content types" privileges.

Recommendations: For versions prior to 6.x-2.3, update to version 6.x-2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Content type label" field for users with "use date tools" or "administer content types" privileges until the update is applied.