- Advisory ID: DRUPAL-SA-2006-008
- Project: Drupal core
- Date: 2006-Jun-01
- Security risk: less critical
- Impact: Drupal core
- Exploitable from: remote
- Vulnerability: cross-site scripting
It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in
- Drupal 4.6.x versions before Drupal 4.6.8.
- Drupal 4.7.x versions before Drupal 4.7.2.
The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact.