Description

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

Remediation

References

CVE-2006-5475

Related Vulnerabilities

Chamilo Other Vulnerability (CVE-2023-34958)

WordPress Plugin Tera Charts Cross-Site Scripting (1.0)

Apache HTTP Server Other Vulnerability (CVE-2003-0017)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)

WordPress Plugin The Events Calendar:Eventbrite Tickets Cross-Site Scripting (3.9.6)

Severity

Medium

Classification

CVE-2006-5475

Tags

Missing Update Known Vulnerabilities