CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4949

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://drupal.org/node/85048
http://secunia.com/advisories/22035
http://www.osvdb.org/29029
http://www.vupen.com/english/advisories/2006/3714
https://exchange.xforce.ibmcloud.com/vulnerabilities/29061
http://drupal.org/node/85048
http://secunia.com/advisories/22035
http://www.osvdb.org/29029
http://www.vupen.com/english/advisories/2006/3714
https://exchange.xforce.ibmcloud.com/vulnerabilities/29061

Products affected by CVE-2006-4949

Drupal » Site Profile Directory Module » Version: Any

cpe:2.3:a:drupal:site_profile_directory_module:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4949

Products

Pricing

Contact Us