CVE-2009-3653

Name of the Vulnerable Software and Affected Versions XML Sitemap module for Drupal version 5.x-1.6

Description A cross-site scripting (XSS) issue exists in the additional links interface of the XML Sitemap module, allowing remote authenticated users with "administer site configuration" permission to inject arbitrary web script or HTML. This is related to the output of link paths.

Recommendations For XML Sitemap module for Drupal version 5.x-1.6, consider disabling the additional links interface until a patch is available to prevent exploitation. Restrict access to the module's configuration to minimize the risk of XSS injection. Avoid using the module's link path output feature in untrusted environments until the issue is resolved.