Vulnerabilities > CVE-2006-5477 - Cross-Site Scripting vulnerability in Drupal
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 14 |
References
- http://drupal.org/node/88828
- http://secunia.com/advisories/22486
- http://securityreason.com/securityalert/1764
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html
- http://www.securityfocus.com/archive/1/449200/100/0/threaded
- http://www.securityfocus.com/bid/20631
- http://www.vupen.com/english/advisories/2006/4120
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29682