Drupal Database Administration Module Multiple HTML-injection Vulnerabilities

Drupal Database Administration Module Multiple HTML-injection Vulnerabilities

Drupal Database Administration Module is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

To exploit this issue, an attacker must have Site Administrator privileges.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Drupal Database Administration versions prior to 4.7.0-1.2 and all versions of the 4.6.0 branch are vulnerable to these issues.