Unrated severityNVD Advisory· Published May 9, 2006· Updated Jun 16, 2026

CVE-2006-2260

Description

Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Drupal/Drupal10 versions
cpe:2.3:a:drupal:drupal:4.5:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:drupal:drupal:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
Drupal/project modulellm-create
Range: 4.5, 4.6

Patches

Vulnerability mechanics

References

drupal.org/node/62406nvdPatch
secunia.com/advisories/19997nvdPatchVendor Advisory
www.securityfocus.com/bid/17885nvdPatch
www.vupen.com/english/advisories/2006/1697nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26358nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000