Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0276

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0276
Last Modified 05 Sep 2008 05:34:39
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0276

Summary

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

Vulnerable Systems

Application

  • Drupal 4.0.0

  • Drupal 4.1.0

  • Drupal 4.2.0 Rc

  • Drupal 4.4

  • Drupal 4.4.1

  • Drupal 4.4.2

  • Drupal 4.4.3

  • Drupal 4.5

  • Drupal 4.5.1

  • Drupal 4.5.2

  • Drupal 4.5.3

  • Drupal 4.5.4

  • Drupal 4.5.5

  • Drupal 4.5.6

  • Drupal 4.5.7

  • Drupal 4.5.8

  • Drupal 4.6

  • Drupal 4.6.1

  • Drupal 4.6.10

  • Drupal 4.6.11

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.6.7

  • Drupal 4.6.8

  • Drupal 4.6.9

  • Drupal 4.7

  • Drupal 4.7 Rev 1.15

  • Drupal 4.7 Rev 1.2

  • Drupal 4.7.1

  • Drupal 4.7.10

  • Drupal 4.7.2

  • Drupal 4.7.3

  • Drupal 4.7.4

  • Drupal 4.7.5

  • Drupal 4.7.6

  • Drupal 4.7.7

  • Drupal 4.7.8

  • Drupal 4.7.9

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.1 Rev1.1

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5.


References

XF - drupal-devel-variable-xss(39606)

CONFIRM - http://drupal.org/node/208524


Last Updated: 27 May 2016 10:46:44