WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-4064)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.

Remediation

References

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22150)

SharePoint CVE-2022-21987 Vulnerability (CVE-2022-21987)

WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)

Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4170)

WordPress Plugin Simple Personal Message SQL Injection (1.0.3)

Severity

Medium

Classification

CVE-2007-4064 CWE-707

Tags

Missing Update Known Vulnerabilities