Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

Remediation

References

CVE-2009-1575

Related Vulnerabilities

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)

Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730)

qdPM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-7246)

Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)

WebLogic Download of Code Without Integrity Check Vulnerability (CVE-2020-5398)

Severity

Medium

Classification

CVE-2009-1575 CWE-707

Tags

Missing Update Known Vulnerabilities