Drupal 7: Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025

Drupal Security

Project: Internationalization
Version: 7.x-1.x-dev
Date: 2020-June-17
Security risk: Moderately critical 14∕25 
Vulnerability: Cross site scripting

Description

The Internationalization (i18n) module is a collection of modules to extend Drupal 7 core multilingual capabilities and allows to build real life multilingual sites.

A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Edit terms in " on a taxonomy vocabulary with i18n term translation enabled and the victim uses the i18n term translation page.

Solution

Install the latest version:

If you use the Internationalization (i18n) module for Drupal 7.x, upgrade to i18n 7.x-1.27.

Also see the Internationalization project page.

We value your opinion. Please add your feedback.