CVE-2006-4002 - Cross-Site Scripting vulnerability in Drupal User.Module

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
drupal
nessus

Summary

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. This vulnerability is addressed in the following product releases: Drupal 4.6.9 and Drupal 4.7.3.

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1147.NASL
description: Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22689
published: 2006-10-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22689
title: Debian DSA-1147-1 : drupal - missing input sanitising