Lucene search

[email protected]CVE-2008-4149

HistorySep 24, 2008 - 5:41 a.m.

CVE-2008-4149

2008-09-2405:41:38

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4149

cross-site scripting

xss

vulnerability

greg holsclaw

link to us module

drupal

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the “Link page header” field.

Affected configurations

NVD

Node

drupallink_to_usRange≤5.x-1.0

drupallink_to_usMatch5.x-1.x-dev

CPENameOperatorVersion
drupal:link_to_usdrupal link to usle5.x-1.0
drupal:link_to_usdrupal link to useq5.x-1.x-dev

CPE	Name	Operator	Version
drupal:link_to_us	drupal link to us	le	5.x-1.0
drupal:link_to_us	drupal link to us	eq	5.x-1.x-dev

References

drupal.org/node/309861

lists.grok.org.uk/pipermail/full-disclosure/2008-September/064527.html

secunia.com/advisories/31914

www.securityfocus.com/bid/31224

www.vupen.com/english/advisories/2008/2618

exchange.xforce.ibmcloud.com/vulnerabilities/45221

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2008-4149

cvelist1 nvd1 prion1