Lucene search

[email protected]CVE-2007-5621

HistoryOct 22, 2007 - 7:46 p.m.

CVE-2007-5621

2007-10-2219:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-5621

token module

xss

drupal

nvd

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.

Affected configurations

NVD

Node

drupalasin_field_module

drupaldrupalMatch4.7

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupale-commerce_module

drupalfullname_field_for_cck

drupalinvite_module

drupalnode_relativity_module

drupalpathauto_module

drupalpaypal_node_module

drupaltoken_moduleRange≤1.4

drupaltoken_moduleRange≤1.8

drupalubercart_module

CPENameOperatorVersion
drupal:asin_field_moduledrupal asin field moduleeq*
drupal:drupaldrupaleq4.7
drupal:drupaldrupaleq5.0
drupal:drupaldrupaleq5.1
drupal:drupaldrupaleq5.2
drupal:e-commerce_moduledrupal e-commerce moduleeq*
drupal:fullname_field_for_cckdrupal fullname field for cckeq*
drupal:invite_moduledrupal invite moduleeq*
drupal:node_relativity_moduledrupal node relativity moduleeq*
drupal:pathauto_moduledrupal pathauto moduleeq*

CPE	Name	Operator	Version
drupal:asin_field_module	drupal asin field module	eq	*
drupal:drupal	drupal	eq	4.7
drupal:drupal	drupal	eq	5.0
drupal:drupal	drupal	eq	5.1
drupal:drupal	drupal	eq	5.2
drupal:e-commerce_module	drupal e-commerce module	eq	*
drupal:fullname_field_for_cck	drupal fullname field for cck	eq	*
drupal:invite_module	drupal invite module	eq	*
drupal:node_relativity_module	drupal node relativity module	eq	*
drupal:pathauto_module	drupal pathauto module	eq	*

Rows per page:

1-10 of 141

References

drupal.org/node/184336

osvdb.org/38073

secunia.com/advisories/27291

exchange.xforce.ibmcloud.com/vulnerabilities/37275

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVE-2007-5621

nvd1 prion1 cvelist1