Drupal 7: Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025
Project: Internationalization Version: 7.x-1.x-dev Date: 2020-June-17 Security risk: Moderately critical 14∕25 Vulnerability: Cross site scripting
The Internationalization (i18n) module is a collection of modules to extend Drupal 7 core multilingual capabilities and allows to build real life multilingual sites.
A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Edit terms in " on a taxonomy vocabulary with i18n term translation enabled and the victim uses the i18n term translation page.
Install the latest version:
Also see the Internationalization project page.