Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0274

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-0274
Last Modified 07 Mar 2011 10:04:15
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-0274

Summary

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

Vulnerable Systems

Application

  • Drupal 4.7

  • Drupal 5.0


References

BID - 27238

SECUNIA - 28422

XF - drupal-theme-xss(39605)

VUPEN - ADV-2008-0134

VUPEN - ADV-2008-0127

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?t=1349

CONFIRM - http://www.vbdrupal.org/forum/showthread.php?p=6878

SECUNIA - 28486

CONFIRM - http://drupal.org/node/208565


Last Updated: 27 May 2016 10:46:44