| Vulnerability Name: | CVE-2006-2832 (CCN-40547) |
| Assigned: | 2006-06-01 |
| Published: | 2006-06-01 |
| Updated: | 2018-10-18 |
| Summary: | Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. |
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) |
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2006-2832
Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/files/sa-2006-007/advisory.txt
Source: CCN Type: DRUPAL-SA-2006-007 Drupal core and potentially any web application that accepts uploads.
Source: CONFIRM Type: Patch http://drupal.org/node/66763
Source: SECUNIA Type: UNKNOWN 21244
Source: SREASON Type: UNKNOWN 1042
Source: DEBIAN Type: UNKNOWN DSA-1125
Source: CCN Type: OSVDB ID: 27595 Drupal upload.module Filename XSS
Source: BUGTRAQ Type: UNKNOWN 20060602 [DRUPAL-SA-2006-007] Drupal 4.6.8 / 4.7.2 fixes arbitrary file execution issue
Source: BID Type: Patch 18245
Source: CCN Type: BID-18245 Drupal Multiple Input Validation Vulnerabilities
Source: XF Type: UNKNOWN upload-filename-xss(40547) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |