PT-2008-4635 · Drupal · Drupal
Publicado
2008-07-18
·
Atualizado
2021-04-15
·
CVE-2008-3219
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Drupal versions 5.x through 5.7
Drupal versions 6.x through 6.2
Description:
The issue is related to an insufficient cross-site scripting (XSS) protection mechanism in the filter xss admin function, which does not prevent the use of the object HTML tag in administrator input. This has unknown impact and attack vectors.
Recommendations:
For Drupal versions 5.x through 5.7, update to version 5.8 or later.
For Drupal versions 6.x through 6.2, update to version 6.3 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal