Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025

Project: InternationalizationVersion: 7.x-1.x-devDate: 2020-June-17Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: The Internationalization (i18n) module is a collection of modules to extend Drupal core multilingual capabilities and allows to build real life multilingual sites.
A value in the term translation module is displayed without being escaped leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Edit terms in " on a taxonomy vocabulary with i18n term translation enabled and the victim uses the i18n term translation page.
Solution: Install the latest version:

Also see the Internationalization project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article