Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Jun 16, 2026

CVE-2006-3570

Description

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Drupal/Drupal2 versions
cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.7:*:*:*:*:*:*:*
Drupal/webformllm-create
Range: <= 4.6 (before July 8, 2006) and <= 4.7 (before July 8, 2006)

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

drupal.org/node/72846nvdPatch
secunia.com/advisories/21021nvdVendor Advisory
www.securityfocus.com/bid/18947nvd
www.vupen.com/english/advisories/2006/2764nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27685nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000