Cross-Site Scripting Vulnerability in LoginToboggan Module for Drupal
CVE-2007-3817

Currently unrated

Key Information:

Vendor: Drupal

CVE Published: 17 July 2007

What is CVE-2007-3817?

The LoginToboggan module for Drupal contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a specially crafted username. The issue arises when the module is configured to display a 'Log out' link. Drupal generally sanitizes usernames by removing certain characters, but under specific configurations a crafted username can still be exploited by remote attackers, compromising the integrity of the web application.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
