Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
References
Link | Resource |
---|---|
http://drupal.org/node/80084 | Patch |
http://www.securityfocus.com/bid/19675 | Patch |
http://secunia.com/advisories/21604 | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2006/3364 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28528 |
Configurations
Information
Published : 2006-08-26 19:04
Updated : 2017-07-19 18:33
NVD link : CVE-2006-4360
Mitre link : CVE-2006-4360
JSON object : View
CWE
Products Affected
drupal
- drupal_e-commerce_module