Vulnerabilities > Drupal > Drupal > 4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-09 | CVE-2006-2260 | HTML Injection vulnerability in Drupal Project Module Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network drupal | 4.3 |
| 2005-12-03 | CVE-2005-3974 | Unspecified vulnerability in Drupal Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | 6.4 |