Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Token模块多个跨站脚本攻击漏洞
Vulnerability Description
Drupal Token模块4.7.x-1.5版本之前的版本, 和5.x-1.9版本之前的5.x版本中存在多个跨站脚本攻击漏洞; 当在ASIN Field, CCK e-Commerce, Fullname字段, Invite, Node Relativity, Pathauto, PayPal Node, 和 Ubercart模块中运行时;具有一个post评论特权的远程验证用户可以借助未明向量,注入任意web脚本或HTML,该漏洞与(1) comments, (2) vocabulary names,
CVSS Information
N/A
Vulnerability Type
N/A