CVE-2007-2159
Drupal Database Administration Module 4.6.x-* and 4.7.x-1.* < 4.7.x-1.2 - Cross-Site Scripting
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.
References (4)
Core 4
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24848
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1360
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34961
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/135549
Scores
EPSS
0.0038
EPSS Percentile
59.3%
Details
Status
published
Products (2)
drupal/database_administration_module
4.6
drupal/database_administration_module
4.7
Published
Apr 22, 2007
Tracked Since
Feb 18, 2026