CVE Vulnerability

CVE-2007-0136

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://drupal.org/node/104233 Patch Vendor Advisory
http://drupal.org/files/sa-2007-001/advisory.txt Vendor Advisory
http://osvdb.org/32139 Broken Link
http://osvdb.org/32140 Broken Link
http://www.vupen.com/english/advisories/2007/0050 Not Applicable
http://marc.info/?l=full-disclosure&m=116799778408115&w=2 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31311 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/456054/100/100/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Information

Published : 2007-01-09 11:28

Updated : 2021-04-19 01:42

NVD link : CVE-2007-0136

Mitre link : CVE-2007-0136

Products Affected
No products.
CWE
CWE-79