Description
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ship To eCourier Cross-Site Request Forgery (1.0.1)
WordPress Plugin Pressbooks Textbook Cross-Site Scripting (1.2.5)
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11585)
IBM WebSEAL Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-1803)
WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.7.6)