Description

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.

Remediation

References

CVE-2006-4002

Related Vulnerabilities

Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625)

WordPress Plugin Export Users to CSV CSV Injection (1.4.2)

WordPress Plugin Solve Media CAPTCHA Cross-Site Request Forgery (1.1.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (2.9.42)

Severity

Medium

Classification

CVE-2006-4002

Tags

Missing Update Known Vulnerabilities