LOW · 3.5

CVE-2007-5621

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.

CVSS Score

Score: 3.5 (LOW)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Drupal | Asin Field Module | All versions
Drupal | Drupal | 4.7
Drupal | E-Commerce Module | All versions
Drupal | Fullname Field For Cck | All versions
Drupal | Invite Module | All versions
Drupal | Node Relativity Module | All versions
Drupal | Pathauto Module | All versions
Drupal | Paypal Node Module | All versions
Drupal | Token Module | <= 1.4
Drupal | Ubercart Module | All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2007-5621?

CVE-2007-5621 is a vulnerability with a CVSS score of 3.5 (LOW). It covers multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal, as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules.

How severe is CVE-2007-5621?

CVE-2007-5621 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2007-5621?

Check the references section above for vendor advisories and patch information. Affected products include: Drupal Asin Field Module, Drupal Drupal, Drupal E-Commerce Module, Drupal Fullname Field For Cck, Drupal Invite Module.