Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-4064 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-4064

Medium
Reference: CVE-2007-4064
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-4064
Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2 and 4.7.x before 4.7.7 (1) allow remote attackers to inject arbitrary web script or HTML via quotsome server variablesquot including PHP_SELF and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.