Drupal · Drupal · CVE-2006-4646
**Name of the Vulnerable Software and Affected Versions**
Drupal 4.7 Pathauto module versions prior to 1.17.2.1
Drupal 4.6 Pathauto module versions prior to 1.14.2.1
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized access or control of user sessions.
**Recommendations**
For Drupal 4.7 Pathauto module versions prior to 1.17.2.1, update to version 1.17.2.1 or later.
For Drupal 4.6 Pathauto module versions prior to 1.14.2.1, update to version 1.14.2.1 or later.