Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Database Administration Module | 4.6 |
References
- http://drupal.org/node/135549PatchVendor Advisory
- http://osvdb.org/34961
- http://secunia.com/advisories/24848PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/1360
- http://drupal.org/node/135549PatchVendor Advisory
- http://osvdb.org/34961
- http://secunia.com/advisories/24848PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/1360
FAQ
What is CVE-2007-2159?
CVE-2007-2159 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbit...
How severe is CVE-2007-2159?
CVE-2007-2159 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2159?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Database Administration Module.