CVE-2008-6170

medium

Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

References

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/46052

http://www.vupen.com/english/advisories/2008/2913

http://www.securityfocus.com/bid/31882

http://secunia.com/advisories/32441

http://secunia.com/advisories/32297

http://drupal.org/node/324824

Details

Source: Mitre, NVD

Published: 2009-02-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

Detections

Analytics