1. CVE-Search
  2. CVE-2006-4120
ID CVE-2006-4120
Summary Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. If you do not use the Recipe Module, or use Recipe Module version 1.54 or later, you are not affected by this vulnerability. This vulnerability has been addressed in the latest patch for: Drupal, Drupal, 4.6
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:recipe_module:*:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:recipe_module:*:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 19422
confirm
secunia 21381
vupen ADV-2006-3202
xf recipe-unspecified-xss(28490)
Last major update 20-07-2017 - 01:32
Published 14-08-2006 - 23:04
Last modified 20-07-2017 - 01:32
Back to Top