• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Drupal URL-Encoded Input HTML Injection Vulnerability

Bugtraq ID:	16117
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 01 2006 12:00AM
Updated:	Jan 01 2006 12:00AM
Credit:	Discovery is credited to liz0@bsdmail.com.
Vulnerable:	Drupal Drupal 4.6.5 Drupal Drupal 4.6.4 Drupal Drupal 4.6.3 Drupal Drupal 4.6.2 Drupal Drupal 4.6.1 Drupal Drupal 4.6 Drupal Drupal 4.5.7 Drupal Drupal 4.5.6 Drupal Drupal 4.5.5 Drupal Drupal 4.5.4 Drupal Drupal 4.5.3 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.1 Drupal Drupal 4.5.2 Drupal Drupal 4.5.2 Drupal Drupal 4.5.1 Drupal Drupal 4.5 Drupal Drupal 4.4.3 Drupal Drupal 4.4.2 Drupal Drupal 4.4.1 Drupal Drupal 4.4 Drupal Drupal 4.2 .0 RC Drupal Drupal 4.1 .0 Drupal Drupal 4.0 .0
Not Vulnerable: