Lucene search

[email protected]CVE-2007-3817

HistoryJul 17, 2007 - 1:30 a.m.

CVE-2007-3817

2007-07-1701:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3817

cross-site scripting

xss

logintoboggan

drupal

vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a “Log out” link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.

CPENameOperatorVersion
drupal:logintoboggan_moduledrupal logintoboggan modulele5.x-1.x-dev
drupal:logintoboggan_moduledrupal logintoboggan modulele4.7.x-1.0

CPE	Name	Operator	Version
drupal:logintoboggan_module	drupal logintoboggan module	le	5.x-1.x-dev
drupal:logintoboggan_module	drupal logintoboggan module	le	4.7.x-1.0

References

drupal.org/node/158921

osvdb.org/36343

secunia.com/advisories/26028

www.securityfocus.com/bid/24901

www.vupen.com/english/advisories/2007/2526

exchange.xforce.ibmcloud.com/vulnerabilities/35387

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2007-3817

prion1