ID CVE-2005-3973 Type cve Reporter cve@mitre.org Modified 2018-10-19T15:39:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
{"osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-958)\n[Secunia Advisory ID:17824](https://secuniaresearch.flexerasoftware.com/advisories/17824/)\n[Secunia Advisory ID:18630](https://secuniaresearch.flexerasoftware.com/advisories/18630/)\nOther Advisory URL: http://drupal.org/files/sa-2005-007/advisory.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1079.html\nKeyword: DRUPAL-SA-2005-007\nFrSIRT Advisory: ADV-2005-2684\n[CVE-2005-3973](https://vulners.com/cve/CVE-2005-3973)\nBugtraq ID: 15677\n", "modified": "2005-11-30T09:03:42", "published": "2005-11-30T09:03:42", "href": "https://vulners.com/osvdb/OSVDB:21351", "id": "OSVDB:21351", "title": "Drupal Multiple HTML/SGML Tag XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-16T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55937", "id": "OPENVAS:55937", "title": "FreeBSD Ports: drupal", "type": "openvas", "sourceData": "#\n#VID faca0843-6281-11da-8630-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: drupal\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://drupal.org/files/sa-2005-007/advisory.txt\nhttp://drupal.org/files/sa-2005-008/advisory.txt\nhttp://drupal.org/files/sa-2005-009/advisory.txt\nhttp://secunia.com/advisories/17824/\nhttp://www.vuxml.org/freebsd/faca0843-6281-11da-8630-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55937);\n script_version(\"$Revision: 4078 $\");\n script_cve_id(\"CVE-2005-3973\", \"CVE-2005-3974\", \"CVE-2005-3975\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: drupal\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"drupal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.6.4\")<0) {\n txt += 'Package drupal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update to drupal\nannounced via advisory DSA 958-1.\n\nSeveral security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine. 
The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:\n\nCVE-2005-3973\n\nSeveral cross-site scripting vulnerabilities allow remote\nattackers to inject arbitrary web script or HTML.\n\nCVE-2005-3974\n\nWhen running on PHP5, Drupal does not correctly enforce user\nprivileges, which allows remote attackers to bypass the access\nuser profiles permission.\n\nCVE-2005-3975\n\nAn interpretation conflict allows remote authenticated users to\ninject arbitrary web script or HTML via HTML in a file with a GIF\nor JPEG file extension.\n\nThe old stable distribution (woody) does not contain drupal packages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56213", "id": "OPENVAS:56213", "title": "Debian Security Advisory DSA 958-1 (drupal)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_958_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 958-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.5.6-1.\n\nWe recommend that you upgrade your drupal package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20958-1\";\ntag_summary = \"The remote host is missing an update to drupal\nannounced via advisory DSA 958-1.\n\nSeveral security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:\n\nCVE-2005-3973\n\nSeveral cross-site scripting vulnerabilities allow remote\nattackers to inject arbitrary web script or HTML.\n\nCVE-2005-3974\n\nWhen running on PHP5, Drupal does not correctly enforce user\nprivileges, which allows remote attackers to bypass the access\nuser profiles permission.\n\nCVE-2005-3975\n\nAn interpretation conflict allows remote authenticated users to\ninject arbitrary web script or HTML via HTML in a file with a GIF\nor JPEG file extension.\n\nThe old stable distribution (woody) does not contain drupal packages.\";\n\n\nif(description)\n{\n script_id(56213);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3973\", \"CVE-2005-3974\", \"CVE-2005-3975\");\n script_bugtraq_id(15674,15677,15663);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 958-1 (drupal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"drupal\", ver:\"4.5.3-5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:47", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 958-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 27th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : drupal\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2005-3973 CVE-2005-3974 CVE-2005-3975\nBugTraq IDs : 15674 15677 15663\n\nSeveral security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine.
The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:\n\nCVE-2005-3973\n\n Several cross-site scripting vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.\n\nCVE-2005-3974\n\n When running on PHP5, Drupal does not correctly enforce user\n privileges, which allows remote attackers to bypass the \"access\n user profiles\" permission.\n\nCVE-2005-3975\n\n An interpretation conflict allows remote authenticated users to\n inject arbitrary web script or HTML via HTML in a file with a GIF\n or JPEG file extension.\n\nThe old stable distribution (woody) does not contain drupal packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.5.6-1.\n\nWe recommend that you upgrade your drupal package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.dsc\n Size/MD5 checksum: 609 55d91c43600aa680ba52b17c717ea8e3\n http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.diff.gz\n Size/MD5 checksum: 80360 5349b33da1964a91340d7e98db1fc924\n http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz\n Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5_all.deb\n Size/MD5 checksum:
501814 925cd8f84b2ec34f98663d849816066b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-01-27T00:00:00", "published": "2006-01-27T00:00:00", "id": "DEBIAN:DSA-958-1:2FB56", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00032.html", "title": "[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T02:25:55", "bulletinFamily": "scanner", "description": "Several security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities :\n\n - CVE-2005-3973\n Several cross-site scripting vulnerabilities allow\n remote attackers to inject arbitrary web script or HTML.\n\n - CVE-2005-3974\n When running on PHP5, Drupal does not correctly enforce\n user privileges, which allows remote attackers to bypass\n the ", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-958.NASL", "href": "https://www.tenable.com/plugins/nessus/22824", "published": "2006-10-14T00:00:00", "title": "Debian DSA-958-1 : drupal - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-958. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22824);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:20\");\n\n script_cve_id(\"CVE-2005-3310\", \"CVE-2005-3477\", \"CVE-2005-3973\", \"CVE-2005-3974\", \"CVE-2005-3975\", \"CVE-2005-4426\");\n script_bugtraq_id(15663, 15674, 15677);\n script_xref(name:\"DSA\", value:\"958\");\n\n script_name(english:\"Debian DSA-958-1 : drupal - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities :\n\n - CVE-2005-3973\n Several cross-site scripting vulnerabilities allow\n remote attackers to inject arbitrary web script or HTML.\n\n - CVE-2005-3974\n When running on PHP5, Drupal does not correctly enforce\n user privileges, which allows remote attackers to bypass\n the 'access user profiles' permission.\n\n - CVE-2005-3975\n An interpretation conflict allows remote authenticated\n users to inject arbitrary web script or HTML via HTML in\n a file with a GIF or JPEG file extension.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2005-3973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2005-3974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2005-3975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-958\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the drupal package.\n\nThe old stable distribution (woody) does not contain drupal packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"drupal\", reference:\"4.5.3-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}