Lucene search

[email protected]CVE-2006-3570

HistoryJul 13, 2006 - 1:05 a.m.

CVE-2006-3570

2006-07-1301:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3570

xss vulnerability

drupal

webform module

nvd

security

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

drupaldrupalMatch4.6

drupaldrupalMatch4.7

CPENameOperatorVersion
drupal:drupaldrupaleq4.6
drupal:drupaldrupaleq4.7

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	4.6
drupal:drupal	drupal	eq	4.7

References

drupal.org/node/72846

secunia.com/advisories/21021

www.securityfocus.com/bid/18947

www.vupen.com/english/advisories/2006/2764

exchange.xforce.ibmcloud.com/vulnerabilities/27685

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2006-3570

cvelist1 ubuntucve1 nvd1