CVE-2007-3818

Name of the Vulnerable Software and Affected Versions: LoginToboggan module versions 5.x-1.x-dev before 20070712

Description: The issue allows remote authenticated users with administer blocks permission to inject arbitrary JavaScript and gain privileges via the message displayed above the default user login block.

Recommendations: For LoginToboggan module versions 5.x-1.x-dev before 20070712, update to a version released after 20070712 to resolve the issue. As a temporary workaround, consider restricting access to the "administer blocks" permission to minimize the risk of exploitation.