Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-5596 - Vulnerability Database

Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-5596

Medium

Reference: CVE-2007-5596

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-5596

Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.