Cross-Site Scripting Vulnerabilities in Database Administration Module for Drupal
CVE-2007-2159

Currently unrated

Key Information:

Vendor: Drupal
Status: Database Administration Module
Vendor: CVE Published:; 22 April 2007

Summary

The Database Administration module for Drupal contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities arise from the direct display of data retrieved from the database and other areas within the user interface. As a result, an attacker can exploit these weaknesses to execute malicious scripts in the context of users' browsers, potentially compromising their data and security. It is crucial for users of affected versions to apply available patches promptly to mitigate these risks.

References

http://secunia.com/advisories/24848

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/1360

vdb-entryx_refsource_VUPEN

http://osvdb.org/34961

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Apr 22, 2007
Vulnerability Reserved
Apr 22, 2007