Vulnerabilities > CVE-2006-2833 - Input Validation vulnerability in Drupal 4.6.8/4.7.2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1125.NASL description The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the last seen 2020-06-01 modified 2020-06-02 plugin id 22667 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22667 title Debian DSA-1125-2 : drupal - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6DA7344B128A11DBB25F00E00C69A70D.NASL description The Drupal team reports : Vulnerability: XSS Vulnerability in taxonomy module It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain(). last seen 2020-06-01 modified 2020-06-02 plugin id 22052 published 2006-07-17 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22052 title FreeBSD : drupal -- multiple vulnerabilities (6da7344b-128a-11db-b25f-00e00c69a70d)
References
- http://drupal.org/files/sa-2006-008/4.6.7.patch
- http://drupal.org/node/66767
- http://secunia.com/advisories/20412
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1041
- http://www.debian.org/security/2006/dsa-1125
- http://www.securityfocus.com/archive/1/435793/100/0/threaded
- http://www.securityfocus.com/bid/18245
- http://www.vupen.com/english/advisories/2006/2112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26893