2 matches found
Debian Security Advisory DSA 1147-1 (drupal)
The remote host is missing an update to drupal announced via advisory DSA 1147-1. Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting. OpenVAS Vulnerability Test $Id: deb11471.nasl 66...
CVE-2006-4002
Cross-site scripting XSS vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information...