Drupal E-commerce Module Unspecified XSS

2006-08-22T06:49:06
ID OSVDB:28127
Type osvdb
Reporter OSVDB
Modified 2006-08-22T06:49:06

Description

Technical Description

This can only be exploited by a user that has 'create products' permission.

Solution Description

Upgrade to version 4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL Secunia Advisory ID:21604 Keyword: DRUPAL-SA-2006-016 FrSIRT Advisory: ADV-2006-3364 CVE-2006-4360 Bugtraq ID: 19675