CVE-2007-2159 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00309.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Database Administration Module

Configuration 1 [-]

OR	cpe:2.3:a:drupal:database_administration_module:4.6:::::::*
	cpe:2.3:a:drupal:database_administration_module:4.7:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://drupal.org/node/135549
http://osvdb.org/34961
http://secunia.com/advisories/24848
http://www.vupen.com/english/advisories/2007/1360

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-22T19:00:00

Updated: 2024-08-07T13:23:51.057Z

Reserved: 2007-04-22T00:00:00

Link: CVE-2007-2159

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-22T19:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2159

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-13T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24848"}, {"name": "ADV-2007-1360", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1360"}, {"name": "34961", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34961"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/135549"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24848"}, {"name": "ADV-2007-1360", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1360"}, {"name": "34961", "refsource": "OSVDB", "url": "http://osvdb.org/34961"}, {"name": "http://drupal.org/node/135549", "refsource": "CONFIRM", "url": "http://drupal.org/node/135549"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:51.057Z"}, "title": "CVE Program Container", "references": [{"name": "24848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24848"}, {"name": "ADV-2007-1360", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1360"}, {"name": "34961", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34961"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/135549"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2159", "datePublished": "2007-04-22T19:00:00", "dateReserved": "2007-04-22T00:00:00", "dateUpdated": "2024-08-07T13:23:51.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:database_administration_module:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "AEAE1F7F-D624-47C4-A1E7-4856065266D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:database_administration_module:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "99A249DB-DC04-4820-8C45-FA804049115B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en el m\u00f3dulo de administraci\u00f3n de base de datos(dba)4.6.x-*, y anteriores a 4.7.x-1.2 en la serie 4.7.x-1.*, para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados relacionados con (1) la muestra directa de datos desde la base de datos y (2) otras partes del interfaz del usuario."}], "id": "CVE-2007-2159", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-22T19:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/135549"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34961"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24848"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/135549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}