CVE-2008-3218

EPSS 0.92%

Drupal vulnerable to Cross-site Scripting

發布日:2022/5/1修改日:2024/2/9

描述

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

受影響套件(1)

Packagist/drupal/drupal>= 6.0, < 6.3

參考連結(11)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2008-3218
PATCHhttps://github.com/drupal/drupal
WEBhttp://drupal.org/node/280571
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=454849
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/43704
WEBhttps://web.archive.org/web/20080804010537/http://secunia.com/advisories/31079
WEBhttps://web.archive.org/web/20081007110725/http://www.securityfocus.com/bid/30168
WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
WEBhttp://www.openwall.com/lists/oss-security/2008/07/10/3