CVE-2006-6386

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.

Published: Dec 8, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6386
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
drupal / cvs_management_and_tracker	4.7_2.0	4.7_2.0.x
drupal / cvs_management_and_tracker	4.7_1.0	4.7_1.0.x

http://drupal.org/node/101540
http://secunia.com/advisories/23261
http://www.securityfocus.com/bid/21455
http://www.vupen.com/english/advisories/2006/4870
https://exchange.xforce.ibmcloud.com/vulnerabilities/30748

Vulnerability Database

290,020

CVE-2006-6386