CVE-2005-3973: XSS
First published: Sat Dec 03 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal | =4.5.0 | |
| Drupal | =4.5.1 | |
| Drupal | =4.5.2 | |
| Drupal | =4.5.3 | |
| Drupal | =4.5.4 | |
| Drupal | =4.5.5 | |
| Drupal | =4.6.0 | |
| Drupal | =4.6.1 | |
| Drupal | =4.6.2 | |
| Drupal | =4.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://drupal.org/files/sa-2005-007/advisory.txt
- http://drupal.org/files/sa-2005-007/4.6.3.patch
- http://www.securityfocus.com/bid/15677
- http://secunia.com/advisories/17824
- http://www.debian.org/security/2006/dsa-958
- http://secunia.com/advisories/18630
- http://www.vupen.com/english/advisories/2005/2684
- http://www.securityfocus.com/archive/1/418292/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-3973?
CVE-2005-3973 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-3973?
To mitigate CVE-2005-3973, update your Drupal installation to version 4.6.4 or later.
Which versions of Drupal are affected by CVE-2005-3973?
CVE-2005-3973 affects Drupal versions 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3.
What type of vulnerability is CVE-2005-3973?
CVE-2005-3973 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary scripts.
Can CVE-2005-3973 be exploited remotely?
Yes, CVE-2005-3973 can be exploited by remote attackers without authentication.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/drupal
- product/drupal
- canonical/drupal drupal
- canonical/drupal
- version/drupal/4.5.0
- version/drupal/4.5.1
- version/drupal/4.5.2
- version/drupal/4.5.3
- version/drupal/4.5.4
- version/drupal/4.5.5
- version/drupal/4.6.0
- version/drupal/4.6.1
- version/drupal/4.6.2
- version/drupal/4.6.3