CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.
| Software | From | Fixed in |
|---|---|---|
| drupal / invite_module | - | - |
| drupal / token_module | - | 1.4.x |
drupal / drupal
|
5.2 | 5.2.x |
| drupal / paypal_node_module | - | - |
| drupal / node_relativity_module | - | - |
| drupal / ubercart_module | - | - |
| drupal / token_module | - | 1.8.x |
|
drupal / drupal
|
5.0 | 5.0.x |
| drupal / pathauto_module | - | - |
|
drupal / drupal
|
4.7 | 4.7.x |
| drupal / e-commerce_module | - | - |
|
drupal / drupal
|
5.1 | 5.1.x |
| drupal / asin_field_module | - | - |
| drupal / fullname_field_for_cck | - | - |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime