Vulnerability Details : CVE-2007-3818
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2007-3818
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-3818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST |
References for CVE-2007-3818
Products affected by CVE-2007-3818
- cpe:2.3:a:drupal:logintoboggan_module:*:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:logintoboggan_module:*:*:*:*:*:*:*:*