RSS   Vulnerabilities for 'Asin field module'   RSS

2007-10-22
 
CVE-2007-5621

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.

 

 >>> Vendor: Drupal 136 Products
Drupal
Form mail module
Job search
Bibliography module
Recipe module
Drupal easylinks module
Drupal e-commerce module
Drupal pathauto module
Drupal pubcookie module
Drupal userreview module
Search keyword module
Site profile directory module
Extended tracker
Cvs management and tracker
Chatroom module
Help tip module
Drupal project
Drupal project issue tracking
Drupal mysite
Imce module
Project
Project issue tracking module
Acidfree
Textimage
Secure site module
Audio module
Getid3
Mediafield module
Nodefamily
Database administration module
Print module
Forward module
Logintoboggan module
Content construction kit
Weblinks
Asin field module
E-commerce module
Fullname field for cck
Invite module
Node relativity module
Pathauto module
Paypal node module
Token module
Ubercart module
Shoutbox
Feature module
Meta tags module
Bueditor
Atom module
Fileshare module
Archive module
Workflow
Comment upload module
Openid
Userpoints module
Header image
Webform module
Internationalization
Localizer
E-publish
Site documentation module
Node hierarchy module
Magic tabs module
Taxonomy image module
Trailscout module
Aggregation module
Taxonomy autotagger module
Organic groups module
Outline designer module
Tinytax taxonomy block module
Suggested terms module
Upload module
Mailsave
Mailhandler
Link to us
TALK
Brilliant gallery
Shindig-integrator
Node clone
Stock module
Ajax checklist
Views
Everyblog
Semantically interconnected online communities
Localization client
Localization server
User karma module
Storm
Comment mail
Views bulk operations
Link module
Protected node module
Taxonomy theme module
Tasklist
Plus1
Print
Feedapi mapper
Cck comment reference
News page
Nodeaccess userreference
See all Products for Vendor Drupal


Copyright 2017, cxsecurity.com