Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-5621 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-5621

Low
Reference: CVE-2007-5621
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-5621
Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5 and 5.x before 5.x-1.9 for Drupal as used by the ASIN Field e-Commerce Fullname field for CCK Invite Node Relativity Pathauto PayPal Node and Ubercart modules allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments (2) vocabulary names (3) term names and (4) usernames.