Home > Vulnerability Database > CVE-2006-2833

Mend.io Vulnerability Database

CVE-2006-2833

Date: June 5, 2006

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

Severity Score

3.7

Related Resources (13)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/26893

Url: http://www.debian.org/security/2006/dsa-1125

Url: http://secunia.com/advisories/20412

Url: http://www.vupen.com/english/advisories/2006/2112

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-2833

Url: http://www.securityfocus.com/bid/18245

Url: http://www.securityfocus.com/archive/1/435793/100/0/threaded

Url: http://securityreason.com/securityalert/1041

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-2833

Url: http://drupal.org/node/66767

Url: http://drupal.org/files/sa-2006-008/4.6.7.patch

Url: http://secunia.com/advisories/21244

Url: https://www.mend.io/vulnerability-database/CVE-2006-2833

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-2833

Date: June 5, 2006

Severity Score

Related Resources (13)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?