2 matches found
CVE-2006-4949
Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 contain an XSS vulnerability caused by lack of output validation, potentially in the name and title parameters. Remote attackers could inject arbitra...
CVE-2006-4949
Cross-site scripting XSS vulnerability in the Drupal 4.6 Site Profile Directory profilepages.module before 1.1.2.1 and the Drupal 4.7 Site Profile Directory profilepages.module before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack o...