CVE-2008-6170

Sažetak

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Reference

http://drupal.org/node/324824
http://secunia.com/advisories/32297
http://secunia.com/advisories/32441
http://www.securityfocus.com/bid/31882
http://www.vupen.com/english/advisories/2008/2913
https://exchange.xforce.ibmcloud.com/vulnerabilities/46052
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:29

Objavljeno

19-02-2009 - 15:30