NVD

Id
57684  
Name
CVE-2007-5621  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-10-22  
Modified Date
2008-11-15  
Seq
2007-5621  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
295192 57684 CVE-2007-5621 http://drupal.org/node/184336  View
295193 57684 CVE-2007-5621 drupal-tokenmodule-xss(37275)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54129 JVNDB-2007-002821 Drupal 用の Token モジュールにおけるクロスサイトスクリプティングの脆弱性 ASIN Field、e-Commerce、Fullname field for CCK、Invite、Node Relativity、Pathauto、PayPal Node、および Ubercart モジュールで使用される Drupal 用の Token モジュールには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2007-5621 28976 CVE-2007-5621 57684 3.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002821.html 2007-10-17 2012-06-26 View