Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2833

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2833
Last Modified 07 Mar 2011 09:37:05
Published 05 Jun 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2833

Summary

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

Vulnerable Systems

Application

  • Drupal 4.6.8

  • Drupal 4.7.2


References

BID - 18245

BUGTRAQ - 20060602 [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue

SECUNIA - 20412

CONFIRM - http://drupal.org/node/66767

CONFIRM - http://drupal.org/files/sa-2006-008/4.6.7.patch

VUPEN - ADV-2006-2112

XF - drupal-taxonomy-xss(26893)

DEBIAN - DSA-1125

SREASON - 1041

SECUNIA - 21244


Last Updated: 27 May 2016 10:42:46