CVE-2007-2159

Name of the Vulnerable Software and Affected Versions Drupal versions 4.6.x through 4.7.x-1.1 Drupal version 4.7.x-1.2 and later are not affected, but versions before 4.7.x-1.2 in the 4.7.x-1 series are vulnerable. This can be simplified to: Drupal versions 4.6.x through 4.7.x-1.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, specifically relating to the direct display of data from the database and other portions of the user interface.

Recommendations For Drupal versions 4.6.x through 4.7.x-1.1, update to version 4.7.x-1.2 or later to resolve the issue.