Vulnerability Name:

CVE-2007-0534 (CCN-31728)

Assigned:2007-01-23
Published:2007-01-23
Updated:2017-07-29
Summary:Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
3.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N)
3.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-0534

Source: CCN
Type: DRUPAL-SA-2007-004
Project and Project issue tracking - Multiple vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://drupal.org/node/112146

Source: OSVDB
Type: UNKNOWN
32133

Source: CCN
Type: SA23908
Drupal Project Module Script Insertion Vulnerability

Source: SECUNIA
Type: UNKNOWN
23908

Source: CCN
Type: OSVDB ID: 32133
Drupal Project Module Multiple XSS

Source: BID
Type: UNKNOWN
22224

Source: CCN
Type: BID-22224
Drupal Project and Project Issues Tracking Modules Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-0312

Source: XF
Type: UNKNOWN
projecttracking-unspecified-xss(31728)

Source: XF
Type: UNKNOWN
projecttracking-unspecified-xss(31728)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:drupal:project:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:project:*:*:*:*:*:*:*:* (Version <= 5)
  • OR cpe:/a:drupal:project_issue_tracking_module:4.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:project_issue_tracking_module:*:*:*:*:*:*:*:* (Version <= 5)

    • Configuration CCN 1:
  • cpe:/a:drupal:project_issue_tracking_module:4.7.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    drupal project 4.6.0
    drupal project *
    drupal project issue tracking module 4.7.0
    drupal project issue tracking module *
    drupal project issue tracking module 4.7.0