Cross-Site Scripting Vulnerability in Drupal Token Module
CVE-2007-5621

Currently unrated

Key Information:

Vendor: Drupal
Status: Invite Module; Token Module; Drupal; Paypal Node Module
Vendor: CVE Published:; 22 October 2007

Summary

The Token module for Drupal contains multiple cross-site scripting (XSS) vulnerabilities that could allow remote authenticated users with the post comments privilege to inject arbitrary web scripts or HTML. This can be exploited through various vectors related to comments, vocabulary names, term names, and usernames, impacting the security of the site and potentially exposing sensitive user information.

References

http://osvdb.org/38073

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/37275

vdb-entryx_refsource_XF

http://drupal.org/node/184336

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 22, 2007
Vulnerability Reserved
Oct 22, 2007