Cross-site scripting (XSS) vulnerability in Drupal 5.x prior to 5.17 and 6.x prior to 6.11, as used in vbDrupal prior to 5.17.0, allows remote malicious users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 5.0 |
||
drupal drupal 5.1 |
||
drupal drupal 5.4 |
||
drupal drupal 5.5 |
||
drupal drupal 5.13 |
||
drupal drupal 5.14 |
||
drupal drupal 6.0 |
||
drupal drupal 6 |
||
drupal drupal 6.5 |
||
drupal drupal 5.1_rev1.1 |
||
drupal drupal 5.2 |
||
drupal drupal 5.3 |
||
drupal drupal 5.9 |
||
drupal drupal 5.12 |
||
drupal drupal 6.1 |
||
drupal drupal 6.2 |
||
drupal drupal 6.10 |
||
drupal drupal 6.4 |
||
drupal drupal 5.7 |
||
drupal drupal 5.8 |
||
drupal drupal 6.6 |
||
drupal drupal 6.8 |
||
drupal drupal 6.9 |
||
drupal drupal 5.10 |
||
drupal drupal 5.11 |
||
drupal drupal 5.5. |
||
drupal drupal 5.6 |
||
drupal drupal 5.15 |
||
drupal drupal 5.16 |
||
drupal drupal 6.3 |
||
drupal drupal 6.7 |