CVE-2008-3219
CVSS V2 Medium 4.3
CVSS V3 None
Description
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.
Overview
- CVE ID
- CVE-2008-3219
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2008-07-18T16:41:00
- Last Modified Date
- 2021-04-15T13:49:40
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* | 1 | OR | 5.0 | 5.8 |
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* | 1 | OR | 6.0 | 6.3 |
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 4.3
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 2.9
References
Reference URL | Reference Tags |
---|---|
http://www.openwall.com/lists/oss-security/2008/07/10/3 | Mailing List Third Party Advisory |
http://drupal.org/node/280571 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/30168 | Third Party Advisory VDB Entry |
http://secunia.com/advisories/31079 | Third Party Advisory |
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html | Third Party Advisory |
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=454849 | Issue Tracking Patch Third Party Advisory |
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43701 | Third Party Advisory VDB Entry |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-3219 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3219 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 07:15:42 | Added to TrackCVE |