| Vulnerability Name: | CVE-2006-3570 (CCN-27685) | ||||||||
| Assigned: | 2006-07-09 | ||||||||
| Published: | 2006-07-09 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3570 Source: CCN Type: Drupal.org Web site Drupal Content Management System Source: CCN Type: Drupal Security Advisory DRUPAL-SA-2006-010 XSS vulnerability in webform module Source: CONFIRM Type: Patch http://drupal.org/node/72846 Source: CCN Type: SA21021 Drupal webform Module Script Insertion Vulnerabilities Source: SECUNIA Type: Vendor Advisory 21021 Source: CCN Type: OSVDB ID: 27138 Drupal webform Module XSS Source: BID Type: UNKNOWN 18947 Source: CCN Type: BID-18947 Drupal Webform Multiple Unspecified Cross-Site Scripting Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-2764 Source: XF Type: UNKNOWN webform-unspecified-xss(27685) Source: XF Type: UNKNOWN webform-unspecified-xss(27685) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||