Drupal · Devel · CVE-2008-0276
**Name of the Vulnerable Software and Affected Versions**
Devel module version prior to 5.x-0.1 for Drupal
**Description**
The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is due to the lack of escaping of the `variable` table, which enables attackers to inject malicious code via a site `variable`.
**Recommendations**
For Devel module version prior to 5.x-0.1, update to version 5.x-0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Devel module to minimize the risk of exploitation.