Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)
SharePoint Other Vulnerability (CVE-2015-0085)
WordPress Plugin BackWPup Cross-Site Scripting (3.2.5)
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)
MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50078)