GitHub Advisory DatabaseGHSA-6CJ8-C359-P7Q9Drupal vulnerable to Cross-site Scripting
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
57.4%
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
Affected configurations
References
drupal.org/node/280571
www.openwall.com/lists/oss-security/2008/07/10/3
bugzilla.redhat.com/show_bug.cgi?id=454849
exchange.xforce.ibmcloud.com/vulnerabilities/43704
github.com/advisories/GHSA-6cj8-c359-p7q9
nvd.nist.gov/vuln/detail/CVE-2008-3218
web.archive.org/web/20080804010537/secunia.com/advisories/31079
web.archive.org/web/20081007110725/www.securityfocus.com/bid/30168
www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
57.4%