Description

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

Remediation

References

CVE-2006-5475

Related Vulnerabilities

MySQL CVE-2016-3424 Vulnerability (CVE-2016-3424)

WordPress Plugin WP Construction Mode Cross-Site Request Forgery (1.8)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.9)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.27)

WordPress Plugin Row Seats Core Unspecified Vulnerability (2.66)

Severity

Medium

Classification

CVE-2006-5475

Tags

Missing Update Known Vulnerabilities