Unrated severityNVD Advisory· Published Sep 23, 2006· Updated Jun 16, 2026

CVE-2006-4949

Description

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Drupal/Site Profile Directory Module
cpe:2.3:a:drupal:site_profile_directory_module:*:*:*:*:*:*:*:*
Drupal/profile_pagesllm-create
Range: <1.1.2.1

Patches

Vulnerability mechanics

References

secunia.com/advisories/22035nvdPatchVendor Advisory
drupal.org/node/85048nvd
www.osvdb.org/29029nvd
www.vupen.com/english/advisories/2006/3714nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29061nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000