Drupal · Drupal · CVE-2006-4120
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 4.7, with the Recipe module version prior to 1.54
**Description**
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to an unspecified vector in the Recipe module.
**Recommendations**
For Drupal versions prior to 4.7, with the Recipe module version prior to 1.54, update the Recipe module to version 1.54 or later.