Lucene search

[email protected]NVD:CVE-2008-6170

HistoryFeb 19, 2009 - 3:30 p.m.

CVE-2008-6170

2009-02-1915:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

References

drupal.org/node/324824

secunia.com/advisories/32297

secunia.com/advisories/32441

www.securityfocus.com/bid/31882

www.vupen.com/english/advisories/2008/2913

exchange.xforce.ibmcloud.com/vulnerabilities/46052

www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for NVD:CVE-2008-6170

redhatcve1 cve1 openvas2 nessus3 freebsd1 cvelist1 prion1 ubuntucve1