CVE-2007-2159

Currently unrated

Key Information:

Vendor: Drupal
Status: Database Administration Module
Vendor: CVE Published:; 22 April 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.

References

http://secunia.com/advisories/24848

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/1360

vdb-entryx_refsource_VUPEN

http://osvdb.org/34961

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Apr 22, 2007
Vulnerability Reserved
Apr 22, 2007