Lucene search

[email protected]CVE-2008-3218

HistoryJul 18, 2008 - 4:41 p.m.

CVE-2008-3218

2008-07-1816:41:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

drupal 6.x

cve-2008-3218

remote attack

web script

html

openid

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

Affected configurations

NVD

Node

drupaldrupalRange6.0–6.3

Node

fedoraprojectfedoraMatch8

fedoraprojectfedoraMatch9

CPENameOperatorVersion
drupal:drupaldrupallt6.3

CPE	Name	Operator	Version
drupal:drupal	drupal	lt	6.3

References

drupal.org/node/280571

secunia.com/advisories/31079

www.openwall.com/lists/oss-security/2008/07/10/3

www.securityfocus.com/bid/30168

bugzilla.redhat.com/show_bug.cgi?id=454849

exchange.xforce.ibmcloud.com/vulnerabilities/43704

www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVE-2008-3218

ubuntucve1 prion1 github1 nvd1 osv1 cvelist1 nessus4 openvas6 freebsd1 redhatcve1