CVE-2006-0070
Published: Jan 4, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded JavaScript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20060103 Re: Drupal all versiyon xss cehennem.org (mailing-list, x_refsource_BUGTRAQ)
20060102 Drupal all versiyon xss cehennem.org (mailing-list, x_refsource_BUGTRAQ)