FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- multiple vulnerabilities

Affected packages
drupal < 4.6.8

Details

VuXML ID: 6da7344b-128a-11db-b25f-00e00c69a70d
Discovery: 2006-05-18
Entry: 2006-07-13
Modified: 2006-07-14

The Drupal team reports:

Vulnerability: XSS Vulnerability in taxonomy module

It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().

References

CVE Name: CVE-2006-2833
URL: http://drupal.org/node/66767