| Vulnerability Name: | CVE-2006-6531 (CCN-30807) | ||||||||
| Assigned: | 2006-12-11 | ||||||||
| Published: | 2006-12-11 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. This may lead to administrator access if certain conditions are met. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-6531 Source: CCN Type: Drupal.org Web site Drupal Content Management System Source: CCN Type: DRUPAL-SA-2006-029 Help Tip - Multiple vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/102605 Source: CCN Type: SA23295 Drupal Help Tip Module Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 23295 Source: CCN Type: OSVDB ID: 32128 Drupal Help Tip Module Node Title XSS Source: CCN Type: BID-21545 Drupal Help Tip Unspecified Multiple Input Validation Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-4941 Source: XF Type: UNKNOWN drupal-help-tip-xss(30807) Source: XF Type: UNKNOWN drupal-help-tip-xss(30807) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||