CVE-2007-5621 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5 and 5.x before 5.x-1.9 for Drupal; as used by the ASIN Field e-Commerce Fullname field for CCK Invite Node Relativity Pathauto PayPal Node and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments (2) vocabulary names (3) term names and (4) usernames.

Reference

http://drupal.org/node/184336 http://osvdb.org/38073 http://secunia.com/advisories/27291 https://exchange.xforce.ibmcloud.com/vulnerabilities/37275