CVE-2008-0274

EUVD-2008-0285
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
4.7
drupaldrupal
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
drupal5
dapper
dne
edgy
dne
feisty
dne
gutsy
ignored
hardy
Fixed 5.6-1
released
intrepid
Fixed 5.6-1
released
jaunty
Fixed 5.6-1
released
karmic
Fixed 5.6-1
released
Common Weakness Enumeration
References
http://drupal.org/node/208565
http://secunia.com/advisories/28422
http://secunia.com/advisories/28486
http://www.securityfocus.com/bid/27238
http://www.vbdrupal.org/forum/showthread.php?p=6878
http://www.vbdrupal.org/forum/showthread.php?t=1349
http://www.vupen.com/english/advisories/2008/0127
http://www.vupen.com/english/advisories/2008/0134
https://exchange.xforce.ibmcloud.com/vulnerabilities/39605
http://drupal.org/node/208565
http://secunia.com/advisories/28422
http://secunia.com/advisories/28486
http://www.securityfocus.com/bid/27238
http://www.vbdrupal.org/forum/showthread.php?p=6878
http://www.vbdrupal.org/forum/showthread.php?t=1349
http://www.vupen.com/english/advisories/2008/0127
http://www.vupen.com/english/advisories/2008/0134
https://exchange.xforce.ibmcloud.com/vulnerabilities/39605