CVE-2006-4002

Published Aug 7, 2006

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95DA206C-EF72-4379-9ED8-795FCAD0BE19"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5ACB7E-0CEB-4417-839A-8B06615FC981"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BD7D35-AA9D-4589-A6BC-6D34219B7128"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "611B9D43-CE88-4451-A27C-7F6F24016B4F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD1A7208-6273-4CC6-AB7B-DA855EEF2729"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83457EB5-BA6B-4ECB-8CB2-A10989B3A9F9"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A92C9C-18DD-4FF7-A95D-72EE72C83C0E"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC016B5-A4C2-4A78-B830-C041C8BAAD76"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35B99C22-9A8C-43F3-9AD8-D901D07D5FCD"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94D0FD99-066F-4161-9524-01DD01F31527"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79F8FEEF-6857-4DC8-9D0D-76D801D0E914"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61EC4ECE-6719-4C54-B150-017ACB32E644"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Evaluator

Configurations

References