CVE-2007-3818

2007-07-1701:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with “administer blocks” permission to inject arbitrary JavaScript and gain privileges via “the message displayed above the default user login block.”

References

drupal.org/node/158921

osvdb.org/37010