Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1066

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2011-1066
Last Modified 10 Mar 2011 10:51:17
Published 22 Feb 2011 08:00:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-1066

Summary

Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Reyero Messaging 6.x-2.0

  • Reyero Messaging 6.x-2.1

  • Reyero Messaging 6.x-2.2

  • Reyero Messaging 6.x-2.3

  • Reyero Messaging 6.x-4.x


References

CONFIRM - http://drupal.org/node/1064024

XF - messaging-unspec-xss(65449)

BID - 46438

SECUNIA - 43385

OSVDB - 70933


Last Updated: 27 May 2016 10:56:08