CVE-2008-0274 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x when certain .htaccess protections are disabled allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

Reference

http://drupal.org/node/208565 http://secunia.com/advisories/28422 http://secunia.com/advisories/28486 http://www.securityfocus.com/bid/27238 http://www.vbdrupal.org/forum/showthread.php?p=6878 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vupen.com/english/advisories/2008/0127 http://www.vupen.com/english/advisories/2008/0134 https://exchange.xforce.ibmcloud.com/vulnerabilities/39605

Share on: