Lucene search

[email protected]CVE-2008-0274

HistoryJan 15, 2008 - 8:00 p.m.

CVE-2008-0274

2008-01-1520:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0274

cross-site scripting

xss

drupal

.htaccess

web script

html

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

Affected configurations

NVD

Node

drupaldrupalMatch4.7

drupaldrupalMatch5.0

CPENameOperatorVersion
drupal:drupaldrupaleq4.7
drupal:drupaldrupaleq5.0

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	4.7
drupal:drupal	drupal	eq	5.0

References

drupal.org/node/208565

secunia.com/advisories/28422

secunia.com/advisories/28486

www.securityfocus.com/bid/27238

www.vbdrupal.org/forum/showthread.php?p=6878

www.vbdrupal.org/forum/showthread.php?t=1349

www.vupen.com/english/advisories/2008/0127

www.vupen.com/english/advisories/2008/0134

exchange.xforce.ibmcloud.com/vulnerabilities/39605

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2008-0274

nvd1 nessus1 openvas2 freebsd1 ubuntucve1 cvelist1 prion1