2 matches found
CVE-2006-0070
Drupal allows remote attackers to conduct cross-site scripting XSS attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtere...
CVE-2006-0070
CVE-2006-0070 affects Drupal. The issue is a cross-site scripting (XSS) vector via an IMG tag containing an unusual encoded Javascript function name, demonstrated with variations of the alert() function. The connected sources confirm affected Drupal versions prior to 4.5.6 and prior to 4.6.4 when...