Unrated severityNVD Advisory· Published Dec 3, 2005· Updated Jun 16, 2026
CVE-2005-3973
CVE-2005-3973
Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
- (no CPE)range: 4.5.0 - 4.5.5, 4.6.0 - 4.6.3
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
8- drupal.org/files/sa-2005-007/advisory.txtnvdPatchVendor Advisory
- secunia.com/advisories/17824nvdPatchVendor Advisory
- www.securityfocus.com/bid/15677nvdPatch
- drupal.org/files/sa-2005-007/4.6.3.patchnvd
- secunia.com/advisories/18630nvd
- www.debian.org/security/2006/dsa-958nvd
- www.securityfocus.com/archive/1/418292/100/0/threadednvd
- www.vupen.com/english/advisories/2005/2684nvd
News mentions
0No linked articles in our index yet.