Drupal 7: Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025
Project: Internationalization
Version: 7.x-1.x-dev
Date: 2020-June-17
Security risk: Moderately critical 14∕25
Vulnerability: Cross site scripting
Description
The Internationalization (i18n) module is a collection of modules that extend Drupal 7 core multilingual capabilities and make it possible to build real-life multilingual sites.
A value in the term translation module is displayed without being escaped, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Edit terms in " on a taxonomy vocabulary with i18n term translation enabled and the victim uses the i18n term translation page.
Solution
Install the latest version:
If you use the Internationalization (i18n) module for Drupal 7.x, upgrade to i18n 7.x-1.27.
Also see the Internationalization project page.
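To confirm which i18n release a Drupal 7 codebase actually carries, the following added example (not part of the advisory or the i18n project) reads the `version` line that drupal.org packaging writes into `i18n.info` and compares it with the fixed release 7.x-1.27. The docroot layout and the sample file are constructed; dev snapshots are reported as unknown because the version string alone does not show whether the fix is included.

```shell
#!/bin/sh
# Added example: check i18n.info against the fixed release in SA-CONTRIB-2020-025.
FIXED_MINOR=27   # advisory: upgrade to i18n 7.x-1.27

# Print the version declared in a Drupal .info file (version = "7.x-1.26").
i18n_info_version() {
    sed -n 's/^[[:space:]]*version[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Classify a version string as "fixed", "upgrade" or "unknown".
i18n_classify() {
    case "$1" in
        *-dev) echo unknown ;;          # dev snapshot: fix status not visible in the string
        7.x-1.*)
            minor=${1#7.x-1.}
            case "$minor" in
                ''|*[!0-9]*) echo unknown ;;   # e.g. release candidates, odd suffixes
                *) if [ "$minor" -ge "$FIXED_MINOR" ]; then echo fixed; else echo upgrade; fi ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Report every i18n.info under a docroot: path, version, status (tab-separated).
i18n_scan() {
    find "$1" -type f -name i18n.info 2>/dev/null | while IFS= read -r f; do
        v=$(i18n_info_version "$f")
        printf '%s\t%s\t%s\n' "$f" "${v:-none}" "$(i18n_classify "$v")"
    done
}

# Constructed sample: temporary docroot holding one pre-fix i18n.info.
i18n_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites/all/modules/i18n"
    printf 'name = Internationalization\ncore = 7.x\nversion = "7.x-1.26"\n' \
        > "$d/sites/all/modules/i18n/i18n.info"
    i18n_scan "$d" | cut -f2,3
    rm -rf "$d"
}

# Scan the docroot given as $1, or run the constructed sample when none is given.
if [ "$#" -gt 0 ]; then i18n_scan "$1"; else i18n_demo; fi
```

Run it with the Drupal docroot as the only argument; any line marked `upgrade` or `unknown` should be followed up against the fixed release.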