Unrated severity · NVD Advisory · Published Dec 8, 2006 · Updated Jun 16, 2026
CVE-2006-6386
Description
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
Affected products
- cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_1.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:cvs_management_and_tracker:4.7_2.0:*:*:*:*:*:*:*
- (no CPE) range: 4.7.x-1.0, 4.7.x-2.0, 4.7.0 (before 20060807)
References
- drupal.org/node/101540 · nvd · Patch · Vendor Advisory
- secunia.com/advisories/23261 · nvd · Patch · Vendor Advisory
- www.securityfocus.com/bid/21455 · nvd
- www.vupen.com/english/advisories/2006/4870 · nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30748 · nvd