CVE-2006-4002

Drupal 4.6-4.6.8 and 4.7-4.7.2 - Cross-Site Scripting via User Module Msg Parameter

Description

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28184
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3138
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21503
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1147
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/76748
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19325
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21332

Scores

EPSS 0.0057
EPSS Percentile 68.9%

Details

Status published
Products (12)
drupal/drupal 4.6.0
drupal/drupal 4.6.1
drupal/drupal 4.6.2
drupal/drupal 4.6.3
drupal/drupal 4.6.4
drupal/drupal 4.6.5
drupal/drupal 4.6.6
drupal/drupal 4.6.7
drupal/drupal 4.6.8
drupal/drupal 4.7.0
... and 2 more
Published Aug 07, 2006
Tracked Since Feb 18, 2026