Description
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7832)
Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)
MySQL CVE-2019-2632 Vulnerability (CVE-2019-2632)
WordPress Plugin Elementor Website Builder Arbitrary File Upload (2.7.4)
WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0)