Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0070


Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0070
Last Modified 05 Sep 2008 04:58:16
Published 03 Jan 2006 07:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.

Vulnerable Systems


  • Drupal 4.5.6

  • Drupal 4.6.4


BUGTRAQ - 20060103 Re: Drupal all versiyon xss

BUGTRAQ - 20060102 Drupal all versiyon xss

Last Updated: 27 May 2016 10:41:31