GHSA-6cj8-c359-p7q9

Suggest an improvement
Source
https://github.com/advisories/GHSA-6cj8-c359-p7q9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6cj8-c359-p7q9/GHSA-6cj8-c359-p7q9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6cj8-c359-p7q9
Aliases
  • CVE-2008-3218
Published
2022-05-01T23:57:56Z
Modified
2024-02-09T16:56:40.696856Z
Summary
Drupal vulnerable to Cross-site Scripting
Details

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

Database specific
{
    "nvd_published_at": "2008-07-18T16:41:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:36:05Z"
}
References

Affected packages

Packagist / drupal/drupal

Package

Name
drupal/drupal
Purl
pkg:composer/drupal/drupal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0
Fixed
6.3