Vulnerability Description
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal E-Commerce Module | 4.7 |
References
- http://drupal.org/node/80084Patch
- http://secunia.com/advisories/21604PatchVendor Advisory
- http://www.securityfocus.com/bid/19675Patch
- http://www.vupen.com/english/advisories/2006/3364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28528
- http://drupal.org/node/80084Patch
- http://secunia.com/advisories/21604PatchVendor Advisory
- http://www.securityfocus.com/bid/19675Patch
- http://www.vupen.com/english/advisories/2006/3364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28528
FAQ
What is CVE-2006-4360?
CVE-2006-4360 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary...
How severe is CVE-2006-4360?
CVE-2006-4360 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4360?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal E-Commerce Module.