4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.6%
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before
5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary
web script or HTML via “some server variables,” including PHP_SELF; and (2)
allow remote authenticated administrators to inject arbitrary web script or
HTML via custom content type names.