Drupal 5.x and 6.x prior to 6.16 uses a user-supplied value in output during site installation which could allow an malicious user to craft a URL and perform a cross-site scripting attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |