Description
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Super Forms-Drag & Drop Form Builder Arbitrary File Upload (4.9.700)
Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)
WordPress Plugin Per page add to head Cross-Site Scripting (1.4.4)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4301)