CVE-2006-5475

Multiple cross-site scripting XSS vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed...

CVE-2006-4949

Cross-site scripting XSS vulnerability in the Drupal 4.6 Site Profile Directory profilepages.module before 1.1.2.1 and the Drupal 4.7 Site Profile Directory profilepages.module before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack o...

CVE-2006-4120

Cross-site scripting XSS vulnerability in the Recipe module recipe.module before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2006-4120

The CVE-2006-4120 entry documents a cross-site scripting (XSS) vulnerability in Drupal’s Recipe module (recipe.module) prior to version 1.54, affecting Drupal 4.6 and earlier. The underlying issue is an XSS flaw in the Recipe module that allows remote attackers to inject arbitrary web scripts or ...

CVE-2006-4002

Cross-site scripting XSS vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information...

CVE-2006-4002

Drupal vulnerable component: the user.module in Drupal 4.6 (before 4.6.9) and 4.7 (before 4.7.3) allows remote XSS via the msg parameter. Impact: arbitrary script execution in a user’s browser (potential session-related risk). Root cause: insufficient input sanitising in user module. Affected ver...

CVE-2006-3570

Cross-site scripting XSS vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2006-3570

Cross-site scripting XSS vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2006-3570

Cross-site scripting XSS vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Directory traversal

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...

CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...

CVE-2006-2260

Cross-site scripting XSS vulnerability in the project module project.module in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...