CVE-2006-4949
Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 contain an XSS vulnerability caused by lack of output validation, potentially in the name and title parameters. Remote attackers could inject arbitra...