ID CVE-2006-5477
Summary Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
refmap via4
bid 20631
bugtraq 20061019 [DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue
confirm http://drupal.org/node/88828
openpkg OpenPKG-SA-2006.025-drupal
secunia 22486
sreason 1764
vupen ADV-2006-4120
xf drupal-form-xss(29682)
Last major update 17-10-2018 - 21:43
Published 24-10-2006 - 20:07
Last modified 17-10-2018 - 21:43
Back to Top