Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.5
CVE Id CVE-2007-5621
Last Modified 15 Nov 2008 02:01:34
Published 22 Oct 2007 03:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-5621

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.

Vulnerable Systems

Application

  • Drupal 4.7

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.2

  • Drupal ASIN Field Module

  • Drupal e-Commerce Module

  • Drupal Fullname Field for CCK

  • Drupal Invite Module

  • Drupal Node Relativity Module

  • Drupal Pathauto Module

  • Drupal PayPal Node Module

  • Drupal Token Module 1.4

  • Drupal Token Module 1.8

  • Drupal Ubercart Module


References

SECUNIA - 27291

CONFIRM - http://drupal.org/node/184336

OSVDB - 38073

XF - drupal-tokenmodule-xss(37275)


Last Updated: 27 May 2016 10:46:13