1. CVE-Search
  2. CVE-2006-5475
ID CVE-2006-5475
Summary Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20061019 [DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues
confirm http://drupal.org/node/88826
openpkg OpenPKG-SA-2006.025-drupal
osvdb 29922
secunia 22486
sreason 1766
vupen ADV-2006-4120
Last major update 17-10-2018 - 21:43
Published 24-10-2006 - 20:07
Last modified 17-10-2018 - 21:43
Back to Top