Cross-site Scripting Vulnerability in Drupal Easylinks Module by Drupal
CVE-2006-4355

Currently unrated

Key Information:

Vendor: Drupal
Status: Drupal Easylinks Module
Vendor: CVE Published:; 27 August 2006

Summary

The Easylinks Module for Drupal contains a vulnerability that allows remote attackers to exploit Cross-site Scripting (XSS) by injecting arbitrary web scripts or HTML through unspecified vectors. This could lead to unauthorized actions on behalf of users or exposure of sensitive information when users interact with the compromised site. Users are advised to upgrade to the latest version to mitigate these risks.

References

http://secunia.com/advisories/21603

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3365

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/28525

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 27, 2006
Vulnerability Reserved
Aug 25, 2006