Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) prior to 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) prior to 1.2.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal site profile directory module |