CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile: 65.8%
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3
does not “prevent use of the object HTML tag in administrator input,” which
has unknown impact and attack vectors, probably related to an insufficient
cross-site scripting (XSS) protection mechanism.