CVE-2007-0136

CVE-2007-0136

EPSS 2.1%

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://drupal.org/files/sa-2007-001/advisory.txt http://drupal.org/node/104233 http://marc.info/?l=full-disclosure&m=116799778408115&w=2 http://osvdb.org/32139 http://osvdb.org/32140 https://exchange.xforce.ibmcloud.com/vulnerabilities/31311 http://www.securityfocus.com/archive/1/456054/100/100/threaded http://www.vupen.com/english/advisories/2007/0050