CVE-2007-3818

Drupal LoginToboggan Module < 4.7.x-1.0 - Authenticated Cross-Site Scripting via Login Block Message

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."

References (2)

Core 2
Core References
Patch x_refsource_confirm
http://drupal.org/node/158921
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37010

Scores

EPSS 0.0023
EPSS Percentile 45.4%

Details

Status published
Products (1)
drupal/logintoboggan_module < 4.7.x-1.0
Published Jul 17, 2007
Tracked Since Feb 18, 2026