CVE Vulnerability

CVE-2008-3219

The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.openwall.com/lists/oss-security/2008/07/10/3 Mailing List Third Party Advisory
http://drupal.org/node/280571 Patch Vendor Advisory
http://www.securityfocus.com/bid/30168 Third Party Advisory VDB Entry
http://secunia.com/advisories/31079 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=454849 Issue Tracking Patch
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43701 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Information

Published : 2008-07-18 04:41

Updated : 2021-04-15 01:49

NVD link : CVE-2008-3219

Mitre link : CVE-2008-3219

Products Affected
No products.
CWE
CWE-79