CVE-2007-3818

2007-07-17T01:30:00
ID CVE-2007-3818
Type cve
Reporter cve@mitre.org
Modified 2012-10-31T02:39:00

Description

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."