Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-1575 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-1575

Medium
Reference: CVE-2009-1575
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-1575
Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11 as used in vbDrupal before 5.17.0 allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag which are treated as UTF-7 by Internet Explorer 6 and 7.