Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Remediation

References

CVE-2008-6170

Related Vulnerabilities

WordPress Plugin Front-End Only Users Cross-Site Scripting (3.1.10)

WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)

WordPress Plugin Stockdio Historical Chart Cross-Site Scripting (2.7.2)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29045)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1251)

Severity

Low

Classification

CVE-2008-6170 CWE-707

Tags

Missing Update Known Vulnerabilities