Vulnerabilities > CVE-2007-2159 - Cross-Site Scripting vulnerability in Drupal Database Administration Module 4.6/4.7

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

drupal

NVD

Published: 2007-04-22

Updated: 2011-03-08

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.

Vulnerable Configurations

Part	Description	Count
Application	Drupal Drupal Database Administration Module 4.6 Drupal Database Administration Module 4.7	2

References

http://drupal.org/node/135549
http://osvdb.org/34961
http://secunia.com/advisories/24848
http://www.vupen.com/english/advisories/2007/1360