Description

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2006-3570

Related Vulnerabilities

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29516)

WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Scripting (7.6.0.9)

Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717)

Severity

Medium

Classification

CVE-2006-3570

Tags

Missing Update Known Vulnerabilities