• info
• discussion
• exploit
• solution
• references

Logintoboggan Module CVE-2007-3818 Cross-Site Scripting Vulnerability

Logintoboggan Module is prone to a cross-site scripting vulnerability. Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."