2 matches found
CVE-2006-4360
Cross-site scripting XSS vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 20060812 allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-4360
The CVE-2006-4360 entry concerns the Drupal-based E-commerce 4.7 module vulnerability: before file.module 1.37.2.4 (20060812), remote authenticated users with the "create products" permission can inject arbitrary web script or HTML via unspecified vectors. The affected software is E-commerce 4.7 ...