Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-0070
Last Modified: 05 Sep 2008 04:58:16
Published: 03 Jan 2006 07:03:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0070

Summary

** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.

Vulnerable Systems

Application

  • Drupal 4.5.6

  • Drupal 4.6.4


References

BUGTRAQ - 20060103 Re: Drupal all versiyon xss cehennem.org

BUGTRAQ - 20060102 Drupal all versiyon xss cehennem.org


Last Updated: 27 May 2016 10:41:31