Description
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2019-1035 Vulnerability (CVE-2019-1035)
Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2021-20185)
WordPress Plugin WP Discourse Unspecified Vulnerability (0.9.7)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4098)
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)