ID CVE-2005-3973
Summary Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-10-2018 - 15:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15677
bugtraq 20051201 [DRUPAL-SA-2005-007] Drupal 4.6.4 / 4.5.6 fixes XSS issue
confirm http://drupal.org/files/sa-2005-007/advisory.txt
debian DSA-958
misc http://drupal.org/files/sa-2005-007/4.6.3.patch
secunia
  • 17824
  • 18630
vupen ADV-2005-2684
Last major update 19-10-2018 - 15:39
Published 03-12-2005 - 19:03
Last modified 19-10-2018 - 15:39
Back to Top