CVE-2006-4949

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.

🔗 References (10)

• cve@mitrehttp://drupal.org/node/85048
• cve@mitrehttp://secunia.com/advisories/22035
• cve@mitrehttp://www.osvdb.org/29029
• cve@mitrehttp://www.vupen.com/english/advisories/2006/3714
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/29061
• af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/85048
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22035
• af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29029
• af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3714
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29061