Description

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Remediation

References

CVE-2006-2832

Related Vulnerabilities

WordPress Plugin Slick Popup:Contact Form 7 Popup Privilege Escalation (1.7.1)

WordPress Plugin Easy WP SMTP Cross-Site Scripting (1.2.4)

WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2)

Apache Tomcat CVE-2019-2684 Vulnerability (CVE-2019-2684)

Oracle Application Server CVE-2008-7235 Vulnerability (CVE-2008-7235)

Severity

Low

Classification

CVE-2006-2832

Tags

Missing Update Known Vulnerabilities