Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Taxonomy Vocabulary 多个跨站脚本攻击漏洞
Vulnerability Description
Drupal 5.x之前的版本5.18版本和6.12版本之前的6.x版本中存在多个跨站脚本攻击漏洞。(1)远程认证用户 可以借助被IE浏览器6版本和7版本当作UTF-7字段序列处理的特制的UTF-8字节序列,来注入任意web脚本或HTML且该序列没有经过"HTML输出参考"适当处理;(2)具有管理员分类系统许可的远程认证用户可以借助任意漏洞的帮助文本,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A