Vulnerabilities > CVE-2006-1226 - Unspecified vulnerability in Drupal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN drupal
nessus
Summary
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1007.NASL |
description | The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1225 Due to missing input sanitising a remote attacker could inject headers of outgoing e-mail messages and use Drupal as a spam proxy. - CVE-2006-1226 Missing input sanity checks allows attackers to inject arbitrary web script or HTML. - CVE-2006-1227 Menu items created with the menu.module lacked access control, which might allow remote attackers to access administrator pages. - CVE-2006-1228 Markus Petrux discovered a bug in the session fixation which may allow remote attackers to gain Drupal user privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22549 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22549 |
title | Debian DSA-1007-1 : drupal - several vulnerabilities |
code |
|
References
- http://drupal.org/node/53803
- http://drupal.org/node/53803
- http://secunia.com/advisories/19245
- http://secunia.com/advisories/19245
- http://secunia.com/advisories/19257
- http://secunia.com/advisories/19257
- http://securityreason.com/securityalert/581
- http://securityreason.com/securityalert/581
- http://www.debian.org/security/2006/dsa-1007
- http://www.debian.org/security/2006/dsa-1007
- http://www.osvdb.org/23910
- http://www.osvdb.org/23910
- http://www.securityfocus.com/archive/1/427588/100/0/threaded
- http://www.securityfocus.com/archive/1/427588/100/0/threaded
- http://www.securityfocus.com/bid/17104
- http://www.securityfocus.com/bid/17104
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25202