CVE-2007-0136 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11 and 4.7 before 4.7.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

Reference

http://drupal.org/files/sa-2007-001/advisory.txt http://drupal.org/node/104233 http://marc.info/?l=full-disclosure&m=116799778408115&w=2 http://osvdb.org/32139 http://osvdb.org/32140 http://www.securityfocus.com/archive/1/456054/100/100/threaded http://www.vupen.com/english/advisories/2007/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/31311