Vulnerability CVE-2007-0136

Vulnerability Name:

CVE-2007-0136 (CCN-31311)

Assigned:

2007-01-05

Published:

2007-01-05

Updated:

2021-04-19

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules.
Note: some of these details are obtained from third party information.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0136

Source: CCN
Type: DRUPAL-SA-2007-001
Drupal core. Cross site scripting

Source: CONFIRM
Type: Vendor Advisory
http://drupal.org/files/sa-2007-001/advisory.txt

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/104233

Source: FULLDISC
Type: Third Party Advisory
20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes

Source: OSVDB
Type: Broken Link
32139

Source: OSVDB
Type: Broken Link
32140

Source: CCN
Type: Drupal Web site
drupal.org | community plumbing

Source: CCN
Type: OpenPKG-SA-2007.003
Drupal

Source: CCN
Type: OSVDB ID: 32139
Drupal Filter Module Unspecified XSS

Source: CCN
Type: OSVDB ID: 32140
Drupal System Module Unspecified XSS

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue

Source: CCN
Type: BID-21887
Drupal Unspecified Cross-Site Scripting Vulnerability

Source: VUPEN
Type: Not Applicable
ADV-2007-0050

Source: XF
Type: Third Party Advisory, VDB Entry
drupal-core-unspecified-xss(31311)

Source: XF
Type: UNKNOWN
drupal-core-unspecified-xss(31311)

Vulnerable Configuration:

Configuration 1:

cpe:/a:drupal:drupal:*:*:*:*:*:*:*:* (Version >= 4.6.0 and < 4.6.11)

OR cpe:/a:drupal:drupal:*:*:*:*:*:*:*:* (Version >= 4.7.0 and < 4.7.5)

Denotes that component is vulnerable

BACK