VYPR
Unrated severityNVD Advisory· Published Sep 8, 2006· Updated Jun 16, 2026

CVE-2006-4646

CVE-2006-4646

Description

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:drupal:drupal_pathauto_module:4.6:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:drupal:drupal_pathauto_module:4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:drupal:drupal_pathauto_module:4.7:*:*:*:*:*:*:*
    • (no CPE)range: <1.17.2.1 (Drupal 4.7) / <1.14.2.1 (Drupal 4.6)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.