3.5
CVE-2007-3818
- EPSS 0.69%
- Veröffentlicht 17.07.2007 01:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Drupal ≫ Logintoboggan Module Version <= 4.7.x-1.0
Drupal ≫ Logintoboggan Module Version <= 5.x-1.x-dev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.478 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
http://drupal.org/node/158921
http://osvdb.org/37010