CVE-2006-2260
Drupal 4.5 and 4.6 - Cross-Site Scripting in Project Module
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://drupal.org/node/62406
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17885
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26358
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1697
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19997
Scores
EPSS
0.0043
EPSS Percentile
62.5%
Details
Status
published
Products (10)
drupal/drupal
4.5
drupal/drupal
4.5.1
drupal/drupal
4.5.2
drupal/drupal
4.5.3
drupal/drupal
4.5.4
drupal/drupal
4.5.5
drupal/drupal
4.6
drupal/drupal
4.6.1
drupal/drupal
4.6.2
drupal/drupal
4.6.3
Published
May 09, 2006
Tracked Since
Feb 18, 2026