Lucene search

K

GoogleOSV:GHSA-6CJ8-C359-P7Q9

HistoryMay 01, 2022 - 11:57 p.m.

Drupal vulnerable to Cross-site Scripting

2022-05-0123:57:56

Google

osv.dev

17

drupal

cross-site scripting

xss

vulnerabilities

remote attackers

web script

html

free tagging taxonomy terms

node preview pages

openid values

software

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

57.4%

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

References

drupal.org/node/280571

www.openwall.com/lists/oss-security/2008/07/10/3

bugzilla.redhat.com/show_bug.cgi?id=454849

exchange.xforce.ibmcloud.com/vulnerabilities/43704

github.com/drupal/drupal

nvd.nist.gov/vuln/detail/CVE-2008-3218

web.archive.org/web/20080804010537/secunia.com/advisories/31079

web.archive.org/web/20081007110725/www.securityfocus.com/bid/30168

www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

57.4%

Related for OSV:GHSA-6CJ8-C359-P7Q9

ubuntucve1 github1 prion1 cve1 cvelist1 nvd1 openvas6 freebsd1 nessus4 redhatcve1