Description

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Remediation

References

CVE-2006-2832

Related Vulnerabilities

Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2007-1741)

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

Apache HTTP Server Other Vulnerability (CVE-2003-0245)

WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)

WordPress Plugin Visitor Traffic Real Time Statistics Security Bypass (2.11)

Severity

Low

Classification

CVE-2006-2832

Tags

Missing Update Known Vulnerabilities