Lucene search

MitreCVE-2008-2998

HistoryJul 03, 2008 - 6:41 p.m.

CVE-2008-2998

2008-07-0318:41:00

CWE-79

mitre

web.nvd.nist.gov

cve

2008

2998

xss

vulnerabilities

drupal

aggregation

module

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.1_rev1.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5.

drupaldrupalMatch5.7

AND

drupalaggregation_moduleMatch3.0

drupalaggregation_moduleMatch3.1

drupalaggregation_moduleMatch3.2

drupalaggregation_moduleMatch4.0

drupalaggregation_moduleMatch4.1

drupalaggregation_moduleMatch4.2

drupalaggregation_moduleMatch4.3

VendorProductVersionCPE
drupaldrupal5.0cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
drupaldrupal5.1cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
drupaldrupal5.1_rev1.1cpe:2.3:a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*
drupaldrupal5.2cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
drupaldrupal5.3cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
drupaldrupal5.4cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
drupaldrupal5.5.cpe:2.3:a:drupal:drupal:5.5.:*:*:*:*:*:*:*
drupaldrupal5.7cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
drupalaggregation_module3.0cpe:2.3:a:drupal:aggregation_module:3.0:*:*:*:*:*:*:*
drupalaggregation_module3.1cpe:2.3:a:drupal:aggregation_module:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	5.0	cpe:2.3:a:drupal:drupal:5.0:::::::*
drupal	drupal	5.1	cpe:2.3:a:drupal:drupal:5.1:::::::*
drupal	drupal	5.1_rev1.1	cpe:2.3:a:drupal:drupal:5.1_rev1.1:::::::*
drupal	drupal	5.2	cpe:2.3:a:drupal:drupal:5.2:::::::*
drupal	drupal	5.3	cpe:2.3:a:drupal:drupal:5.3:::::::*
drupal	drupal	5.4	cpe:2.3:a:drupal:drupal:5.4:::::::*
drupal	drupal	5.5.	cpe:2.3:a:drupal:drupal:5.5.:::::::*
drupal	drupal	5.7	cpe:2.3:a:drupal:drupal:5.7:::::::*
drupal	aggregation_module	3.0	cpe:2.3:a:drupal:aggregation_module:3.0:::::::*
drupal	aggregation_module	3.1	cpe:2.3:a:drupal:aggregation_module:3.1:::::::*

Rows per page:

1-10 of 151

References

drupal.org/node/269479

secunia.com/advisories/30618

www.securityfocus.com/bid/29677

exchange.xforce.ibmcloud.com/vulnerabilities/43008

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2008-2998