Description
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Customer Reviews Cross-Site Scripting (3.4.2)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)
Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)
Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)
WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)