CVE-2007-5596
CVE-2007-5596 affects Drupal’s core Upload module in Drupal 4.7.x (before 4.7.8) and 5.x (before 5.3). The vulnerability arises from a whitelist that includes the .html extension, allowing remote attackers to upload .html files that can trigger cross-site scripting (XSS). Public details in the co...