Cross-Site Scripting Vulnerabilities in Drupal Project Tracking
CVE-2006-6646

Currently unrated

Key Information:

Vendor: Drupal
Status: Drupal Project; Drupal Project Issue Tracking
Vendor: CVE Published:; 20 December 2006

What is CVE-2006-6646?

Multiple cross-site scripting (XSS) vulnerabilities exist in various versions of Drupal's Project Issue Tracking and related projects. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through unspecified parameters, as the affected versions fail to utilize the check_plain function adequately. This flaw could lead to unauthorized actions or data exposure, making it imperative for users to apply the necessary security updates.

References

http://drupal.org/node/103943

x_refsource_CONFIRM

http://www.securityfocus.com/bid/21643

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2006/5048

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2006
Vulnerability Reserved
Dec 19, 2006