2
Candidate: CVE-2007-5596
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5596
6
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3
7
places the .html extension on a whitelist, which allows remote attackers to
8
conduct cross-site scripting (XSS) attacks by uploading .html files.
12
https://bugs.launchpad.net/ubuntu/+source/drupal5/+bug/154811
19
gutsy_drupal5: released (5.2-2ubuntu2.1)
20
devel_drupal5: not-affected (5.5-1ubuntu1)