Vulnerabilities > CVE-2006-2833 - Input Validation vulnerability in Drupal 4.6.8/4.7.2

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
drupal
nessus

Summary

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

Vulnerable Configurations

Part Description Count
Application
Drupal
2

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1125.NASL
    descriptionThe Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the
    last seen2020-06-01
    modified2020-06-02
    plugin id22667
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22667
    titleDebian DSA-1125-2 : drupal - several vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6DA7344B128A11DBB25F00E00C69A70D.NASL
    descriptionThe Drupal team reports : Vulnerability: XSS Vulnerability in taxonomy module It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
    last seen2020-06-01
    modified2020-06-02
    plugin id22052
    published2006-07-17
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22052
    titleFreeBSD : drupal -- multiple vulnerabilities (6da7344b-128a-11db-b25f-00e00c69a70d)