Cross-Site Scripting Vulnerability in Drupal's LoginToboggan Module
CVE-2007-3818
Currently unrated
What is CVE-2007-3818?
The LoginToboggan module for Drupal contains a cross-site scripting (XSS) vulnerability that can be exploited by remote authenticated users who hold the 'administer blocks' permission. By injecting arbitrary JavaScript into the message displayed above the default user login block, malicious users can manipulate user sessions, gain unauthorized access to sensitive information, or escalate privileges within the Drupal environment.
