CVE-2008-0273

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
drupaldrupal
4.0.0
drupaldrupal
4.1.0
drupaldrupal
4.2.0_rc
drupaldrupal
4.4
drupaldrupal
4.4.1
drupaldrupal
4.4.2
drupaldrupal
4.4.3
drupaldrupal
4.5
drupaldrupal
4.5.1
drupaldrupal
4.5.2
drupaldrupal
4.5.3
drupaldrupal
4.5.4
drupaldrupal
4.5.5
drupaldrupal
4.5.6
drupaldrupal
4.5.7
drupaldrupal
4.5.8
drupaldrupal
4.6
drupaldrupal
4.6.1
drupaldrupal
4.6.2
drupaldrupal
4.6.3
drupaldrupal
4.6.4
drupaldrupal
4.6.5
drupaldrupal
4.6.6
drupaldrupal
4.6.7
drupaldrupal
4.6.8
drupaldrupal
4.6.9
drupaldrupal
4.6.10
drupaldrupal
4.6.11
drupaldrupal
4.7
drupaldrupal
4.7.1
drupaldrupal
4.7.2
drupaldrupal
4.7.3
drupaldrupal
4.7.4
drupaldrupal
4.7.5
drupaldrupal
4.7.6
drupaldrupal
4.7.7
drupaldrupal
4.7.8
drupaldrupal
4.7.9
drupaldrupal
4.7.10
drupaldrupal
4.7_rev_1.2
drupaldrupal
4.7_rev_1.15
drupaldrupal
5.0
drupaldrupal
5.1
drupaldrupal
5.1_rev1.1
drupaldrupal
5.2
drupaldrupal
5.3
drupaldrupal
5.4
drupaldrupal
5.5.
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
Fixed 5.1-0ubuntu2.3
released
edgy
ignored
dapper
ignored
drupal5
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
Fixed 5.2-2ubuntu2.2
released
feisty
dne
edgy
dne
dapper
dne