CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
71.6%
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
drupal.org/node/449078
secunia.com/advisories/34948
secunia.com/advisories/34950
secunia.com/advisories/34980
www.debian.org/security/2009/dsa-1792
www.osvdb.org/54152
www.vbdrupal.org/forum/showthread.php?p=9953#post9953
www.vupen.com/english/advisories/2009/1216
exchange.xforce.ibmcloud.com/vulnerabilities/50250
www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.html