FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- multiple vulnerabilities

Affected packages
drupal < 4.6.8


VuXML ID 6da7344b-128a-11db-b25f-00e00c69a70d
Discovery 2006-05-18
Entry 2006-07-13
Modified 2006-07-14

The Drupal team reports:

Vulnerability: XSS Vulnerability in taxonomy module

It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().


CVE Name CVE-2006-2833