2 matches found
CVE-2007-3817
CVE-2007-3817 is an XSS vulnerability in Drupal’s LoginToboggan module (versions 4.7.x-1.0, 4.7.x-1.x-dev, 5.x-1.x-dev prior to 20070712) that is triggerable when the site renders a Log out link. A crafted username can inject arbitrary script/HTML. Drupal sanitizes usernames by removing certain c...
CVE-2007-3818
CVE-2007-3818 details a cross-site scripting (XSS) vulnerability in the Drupal LoginToboggan module (versions 5.x-1.x-dev before 20070712). The issue allows remote authenticated users who have the administer blocks permission to inject arbitrary JavaScript by manipulating the message displayed ab...