CVE-2005-3975 in Drupal

Summary

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal.


Reservation: 12/03/2005
Disclosure: 12/03/2005
CPE: ready
CVSS: 3.5
EPSS: 0.00817
Activities: Very Low
