Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6170)

Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Remediation

References

CVE-2008-6170

Related Vulnerabilities

WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Request Forgery (2.9.4)

WordPress Plugin Plug your WooCommerce into the largest catalog of customized print products from Helloprint Cross-Site Scripting (1.4.6)

Oracle JRE CVE-2022-21341 Vulnerability (CVE-2022-21341)

Oracle Application Server Other Vulnerability (CVE-2002-0559)

Oracle Application Server Other Vulnerability (CVE-2006-5362)

Severity

Low

Classification

CVE-2008-6170 CWE-707