Description

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Remediation

References

CVE-2006-2832

Related Vulnerabilities

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

WordPress Plugin WTI Like Post SQL Injection (1.4.2)

WordPress Plugin AccessPress Social Icons includes Backdoor [Only if downloaded via the vendor website] (1.8.2)

WordPress Plugin WP Content Copy Protection & No Right Click Security Bypass (3.1.4)

WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6)

Severity

Low

Classification

CVE-2006-2832

Tags

Missing Update Known Vulnerabilities