GHSA-6cj8-c359-p7q9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6cj8-c359-p7q9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6cj8-c359-p7q9/GHSA-6cj8-c359-p7q9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6cj8-c359-p7q9
- Aliases
-
- CVE-2008-3218
- Published
- 2022-05-01T23:57:56Z
- Modified
- 2024-02-09T16:56:40.696856Z
- Summary
- Drupal vulnerable to Cross-site Scripting
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
- Database specific
{ "nvd_published_at": "2008-07-18T16:41:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-09T16:36:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-3218
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43704
- https://github.com/drupal/drupal
- https://web.archive.org/web/20080804010537/http://secunia.com/advisories/31079
- https://web.archive.org/web/20081007110725/http://www.securityfocus.com/bid/30168
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
- http://drupal.org/node/280571
- http://www.openwall.com/lists/oss-security/2008/07/10/3
Affected packages
Packagist / drupal/drupal
Package
- Name
- drupal/drupal
- Purl
- pkg:composer/drupal/drupal