PT-2007-5052 · Drupal · Logintoboggan

Published: 2007-07-17 · Updated: 2017-07-29 · CVE-2007-3817

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Drupal LoginToboggan module versions 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712.
Description: A cross-site scripting (XSS) issue exists when the LoginToboggan module is configured to display a "Log out" link. The username is placed in that link without adequate escaping, so a remote attacker can inject arbitrary web script or HTML via a crafted username. Note that Drupal itself sanitizes usernames by removing certain characters, which may mitigate this issue on default installations.
Recommendations: For versions 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712, update to a release dated after 20070712, which resolves the issue. As a temporary workaround, restrict the use of crafted usernames (for example, by limiting which characters a username may contain) to minimize the risk of exploitation.

Corrections

Found a problem in the description? Have something to add? Feel free to write to us 👾

Related identifiers

CVE-2007-3817

Affected products

Logintoboggan