ID CVE-2006-2833
Summary Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 18245
bugtraq 20060602 [DRUPAL-SA-2006-008] Drupal 4.6.8 / 4.7.2 fixes XSS issue
confirm
debian DSA-1125
secunia
  • 20412
  • 21244
sreason 1041
vupen ADV-2006-2112
xf drupal-taxonomy-xss(26893)
Last major update 18-10-2018 - 16:43
Published 06-06-2006 - 00:02
Last modified 18-10-2018 - 16:43
Back to Top