Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3219
Last Modified 19 Aug 2009 12:00:00
Published 18 Jul 2008 12:41:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3219

Summary

The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.

Vulnerable Systems

Application

  • Drupal 5

  • Drupal 6


References

CONFIRM - http://drupal.org/node/280571

FEDORA - FEDORA-2008-6411

FEDORA - FEDORA-2008-6415

FEDORA - FEDORA-2008-6916

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=454849

XF - openid-unspecified-xss(43701)

BID - 30168

MLIST - [oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8

SECUNIA - 31079


Last Updated: 27 May 2016 10:48:06