PT-2008-1917 · Microsoft+1 · Internet Explorer+1

Published 2008-01-15 · Updated 2017-08-08 · CVE-2008-0273

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Drupal versions 4.7.x before 4.7.11
Drupal versions 5.x before 5.6

Description

The issue arises from an interpretation conflict when using Internet Explorer 6, allowing remote attackers to conduct cross-site scripting (XSS) attacks. This is made possible by invalid UTF-8 byte sequences that are not properly processed by Drupal's HTML filtering but are interpreted as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

Recommendations

For Drupal versions 4.7.x before 4.7.11, update to version 4.7.11 or later.
For Drupal versions 5.x before 5.6, update to version 5.6 or later.
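
The general defence against this class of interpretation conflict is to reject ill-formed UTF-8 before any HTML filtering runs, so the filter and the browser cannot disagree about where characters begin and end. The following is an added example, not Drupal's code and not part of the original entry; the function names and sample byte strings are constructed for illustration.

```python
# Added illustration: strict UTF-8 gate applied before HTML filtering.
# Function names and sample inputs are constructed, not taken from Drupal.

def first_invalid_utf8(data: bytes):
    """Return (offset, reason) for the first ill-formed sequence, else None."""
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                       # plain ASCII
            i += 1
            continue
        if 0xC2 <= b <= 0xDF:              # 2-byte lead
            need, lo, hi = 1, 0x80, 0xBF
        elif 0xE0 <= b <= 0xEF:            # 3-byte lead
            need = 2
            lo = 0xA0 if b == 0xE0 else 0x80   # excludes overlong forms
            hi = 0x9F if b == 0xED else 0xBF   # excludes surrogates
        elif 0xF0 <= b <= 0xF4:            # 4-byte lead
            need = 3
            lo = 0x90 if b == 0xF0 else 0x80   # excludes overlong forms
            hi = 0x8F if b == 0xF4 else 0xBF   # excludes > U+10FFFF
        elif b <= 0xBF:
            return i, "stray continuation byte"
        else:
            return i, "invalid lead byte"  # C0, C1, F5..FF
        for k in range(1, need + 1):
            if i + k >= n:
                return i, "truncated sequence"
            if not lo <= data[i + k] <= hi:
                return i, "lead byte without valid continuation"
            lo, hi = 0x80, 0xBF            # later bytes use the full range
        i += need + 1
    return None

def accept_for_filtering(data: bytes) -> str:
    """Decode input for the HTML filter, refusing anything ill-formed."""
    bad = first_invalid_utf8(data)
    if bad is not None:
        raise ValueError(f"ill-formed UTF-8 at byte {bad[0]}: {bad[1]}")
    return data.decode("utf-8")

# Constructed samples: one valid string, four ill-formed ones.
SAMPLES = [b"caf\xc3\xa9", b'title=\xe0"x', b"abc\xc0\xaf",
           b"abc\xe2\x82", b"\x80abc"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", first_invalid_utf8(s) or "well-formed")
```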

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-0273

Affected Products

Drupal
Internet Explorer