Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote malicious users to inject arbitrary web script or HTML via Javascript in an IMG tag.
source: wwwsecurityfocuscom/bid/5801/info
Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client
Drupal fails to sufficiently filter potentially malicious HTML code from news posts As a result, when a user views a news posting that contains malicious HTML code, the code contained in the pos ...