Vulnerabilities > CVE-2006-4646 - Cross-Site Scripting vulnerability in Drupal Pathauto Module 4.6/4.7

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

drupal

NVD

Published: 2006-09-08

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Drupal Drupal Drupal Pathauto Module 4.6 Drupal Drupal Pathauto Module 4.7	2

References

http://drupal.org/node/82527
http://secunia.com/advisories/21779
http://www.securityfocus.com/bid/19876
http://www.vupen.com/english/advisories/2006/3480
https://exchange.xforce.ibmcloud.com/vulnerabilities/28771