Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote malicious users to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 4.7 |
||
drupal drupal 5.0 |