Published:2006/09/28 Last Updated:2008/05/21
JVN#82240092
Drupal cross-site scripting vulnerability
Overview
Drupal, an open source content management system, contains a cross-site scripting vulnerability.
Products Affected
- Drupal 4.7.2 and earlier
- Drupal 4.6.8 and earlier
Description
Impact
An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possible conduct session hijacking.
Solution
Vendor Status
| Vendor | Link |
| Drupal |
Top page |
|
Drupal 4.7.3 and 4.6.9 released |
|
|
Advisory ID: DRUPAL-SA-2006-011 |
References
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000640 |