HTML special characters in the names of content types are not properly sanitized before being displayed on the settings page. I have included a patch for version 6.x-2.1 which could correct this issue.
As it would require administer content types to exploit it as an XSS vulnerability, it would not be considered a security issue based on the following public service announcement: http://drupal.org/node/372836
Comment | File | Size | Author |
---|---|---|---|
#1 | og.admin_.inc_.patch | 510 bytes | mbarbella |
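The display problem described in the report, as a stand-alone PHP sketch (an added example, not the Organic Groups code and not the attached patch). `escape_plain()` is a hypothetical stand-in for Drupal 6's `check_plain()`, and the render functions and content type names are constructed for illustration.

```php
<?php
// Added example: not code from the Organic Groups module or the attached patch.
// escape_plain() stands in for Drupal 6's check_plain(); all data is constructed.

function escape_plain($text) {
  // Encode &, <, >, " and ' so the value is displayed as text, not parsed as markup.
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Unescaped: the human-readable type name is concatenated into markup as-is.
function render_type_rows_raw(array $types) {
  $rows = '';
  foreach ($types as $machine_name => $label) {
    $rows .= '<tr><td>' . $label . '</td><td>' . $machine_name . "</td></tr>\n";
  }
  return $rows;
}

// Escaped: every value read from configuration is encoded at output time.
function render_type_rows_escaped(array $types) {
  $rows = '';
  foreach ($types as $machine_name => $label) {
    $rows .= '<tr><td>' . escape_plain($label) . '</td><td>'
      . escape_plain($machine_name) . "</td></tr>\n";
  }
  return $rows;
}

// Regression check: count tags other than the tr/td elements the template emits.
function unexpected_tags($html) {
  return preg_match_all('#<(?!/?(tr|td)\b)[a-z!/]#i', $html);
}

// Constructed sample data: one ordinary name, one with HTML special characters.
$types = array(
  'group' => 'Group',
  'story' => 'Story <img src="x" onerror="alert(1)"> & "notes"',
);

$raw = render_type_rows_raw($types);
$escaped = render_type_rows_escaped($types);

printf("raw output: %d unexpected tag(s)\n", unexpected_tags($raw));
printf("escaped output: %d unexpected tag(s)\n", unexpected_tags($escaped));
echo $escaped;
```

A check like `unexpected_tags()` can be run in a test against any admin page that lists user-editable labels, so a missed escape shows up as a non-zero count.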
Comments
Comment #1
mbarbella
Comment #2
amitaibu
Marking correct status - I'll review in the beginning of the week.
Comment #3
amitaibu
Fixed, thanks!