1. CVE-Search
  2. CVE-2006-4360
ID CVE-2006-4360
Summary Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal_e-commerce_module:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal_e-commerce_module:4.7:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:P/A:N
refmap via4
bid 19675
confirm http://drupal.org/node/80084
secunia 21604
vupen ADV-2006-3364
xf ecommerce-unspecified-xss(28528)
Last major update 20-07-2017 - 01:33
Published 27-08-2006 - 02:04
Last modified 20-07-2017 - 01:33
Back to Top