CVE-2007-0534 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Project Project Issue Tracking Module

Configuration 1 [-]

OR	cpe:2.3:a:drupal:project::::::::
	cpe:2.3:a:drupal:project:4.6.0:::::::*
	cpe:2.3:a:drupal:project_issue_tracking_module::::::::
	cpe:2.3:a:drupal:project_issue_tracking_module:4.7.0:::::::*

No data.

References

Link	Providers
http://drupal.org/node/112146
http://osvdb.org/32133
http://secunia.com/advisories/23908
http://www.securityfocus.com/bid/22224
http://www.vupen.com/english/advisories/2007/0312
https://exchange.xforce.ibmcloud.com/vulnerabilities/31728

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-26T01:00:00

Updated: 2024-08-07T12:19:30.510Z

Reserved: 2007-01-25T00:00:00

Link: CVE-2007-0534

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-26T01:28:00.000

Modified: 2017-07-29T01:30:15.423

Link: CVE-2007-0534

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain \"fields on project nodes\" or (b) \"certain project-specific settings regarding issue tracking.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "projecttracking-unspecified-xss(31728)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"}, {"name": "22224", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22224"}, {"name": "32133", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32133"}, {"name": "ADV-2007-0312", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0312"}, {"name": "23908", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23908"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/112146"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0534", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain \"fields on project nodes\" or (b) \"certain project-specific settings regarding issue tracking.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "projecttracking-unspecified-xss(31728)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"}, {"name": "22224", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22224"}, {"name": "32133", "refsource": "OSVDB", "url": "http://osvdb.org/32133"}, {"name": "ADV-2007-0312", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0312"}, {"name": "23908", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23908"}, {"name": "http://drupal.org/node/112146", "refsource": "CONFIRM", "url": "http://drupal.org/node/112146"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:19:30.510Z"}, "title": "CVE Program Container", "references": [{"name": "projecttracking-unspecified-xss(31728)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"}, {"name": "22224", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22224"}, {"name": "32133", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32133"}, {"name": "ADV-2007-0312", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0312"}, {"name": "23908", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23908"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/112146"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0534", "datePublished": "2007-01-26T01:00:00", "dateReserved": "2007-01-25T00:00:00", "dateUpdated": "2024-08-07T12:19:30.510Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:project:*:*:*:*:*:*:*:*", "matchCriteriaId": "48BE387D-7C84-4948-B7A7-F231E97BEA85", "versionEndIncluding": "5", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "165F101E-3A64-4BC2-BC46-76D53358F35E", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "39168FD5-EB3C-4ED8-9C2B-3710595009A8", "versionEndIncluding": "5", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FB4D849-CF04-4E1A-90A6-944CC71540D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain \"fields on project nodes\" or (b) \"certain project-specific settings regarding issue tracking.\""}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) el seguimiento de asuntos de Project 4.7.0 hasta 5.x versiones anteriores a 20070123 y (2) Project 4.6.0 hasta 5.x versiones anteriores a 20070123 m\u00f3dulos para Drupal permite a atacantes remotos autenticados inyectar scripts web o HTML de su elecci\u00f3n mediante (a) concretos \"campos en los nodo proyecto\" \u00f3 (b) \"propiedades concretos dependientes-de-proyecto relacionadas con asuntos de seguimiento\""}], "id": "CVE-2007-0534", "lastModified": "2017-07-29T01:30:15.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-26T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://drupal.org/node/112146"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32133"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23908"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22224"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0312"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}