Description

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

Remediation

References

CVE-2006-5475

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5320)

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-28032)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5832)

WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1)

Liferay DXP Incorrect Authorization Vulnerability (CVE-2024-38002)

Severity

Medium

Classification

CVE-2006-5475

Tags

Missing Update Known Vulnerabilities