Lucene search

[email protected]NVD:CVE-2008-3741

HistoryAug 27, 2008 - 3:21 p.m.

CVE-2008-3741

2008-08-2715:21:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

References

drupal.org/node/295053

secunia.com/advisories/31462

secunia.com/advisories/31825

www.securityfocus.com/bid/30689

www.vupen.com/english/advisories/2008/2392

bugzilla.redhat.com/show_bug.cgi?id=459108

exchange.xforce.ibmcloud.com/vulnerabilities/44446

www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for NVD:CVE-2008-3741

prion1 cvelist1 ubuntucve1 cve1 fedora2 openvas6 nessus3 freebsd1