Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4149

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4149
Last Modified 17 Mar 2009 01:47:47
Published 24 Sep 2008 01:41:38
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4149

Summary

Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.

Vulnerable Systems

Application

  • Drupal Link To Us 5.x-1.0

  • Drupal Link To Us 5.x-1.x-dev


References

CONFIRM - http://drupal.org/node/309861

XF - linktous-linkpageheader-xss(45221)

VUPEN - ADV-2008-2618

BID - 31224

SECUNIA - 31914

FULLDISC - 20070915 Drupal Link to Us Module Contains XSS Vulnerability


Last Updated: 27 May 2016 10:48:24