CVE-2008-0274

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
drupaldrupal
4.7
drupaldrupal
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
ignored
edgy
ignored
dapper
ignored
drupal5
karmic
Fixed 5.6-1
released
jaunty
Fixed 5.6-1
released
intrepid
Fixed 5.6-1
released
hardy
Fixed 5.6-1
released
gutsy
ignored
feisty
dne
edgy
dne
dapper
dne
Common Weakness Enumeration
References
http://drupal.org/node/208565
http://secunia.com/advisories/28422
http://secunia.com/advisories/28486
http://www.securityfocus.com/bid/27238
http://www.vbdrupal.org/forum/showthread.php?p=6878
http://www.vbdrupal.org/forum/showthread.php?t=1349
http://www.vupen.com/english/advisories/2008/0127
http://www.vupen.com/english/advisories/2008/0134
https://exchange.xforce.ibmcloud.com/vulnerabilities/39605
http://drupal.org/node/208565
http://secunia.com/advisories/28422
http://secunia.com/advisories/28486
http://www.securityfocus.com/bid/27238
http://www.vbdrupal.org/forum/showthread.php?p=6878
http://www.vbdrupal.org/forum/showthread.php?t=1349
http://www.vupen.com/english/advisories/2008/0127
http://www.vupen.com/english/advisories/2008/0134
https://exchange.xforce.ibmcloud.com/vulnerabilities/39605