1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
PublicDate: 2008-07-18
Candidate: CVE-2008-3218
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3218
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before
6.3 allow remote attackers to inject arbitrary web script or HTML via
vectors related to (1) free tagging taxonomy terms, which are not properly
handled on node preview pages, and (2) unspecified OpenID values.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_drupal:
upstream_drupal: released (6.3)
dapper_drupal: not-affected (code not present)
feisty_drupal: not-affected (code not present)
gutsy_drupal: DNE
hardy_drupal: DNE
devel_drupal: DNE
Patches_drupal5:
upstream_drupal5: released (6.3)
dapper_drupal5: DNE
feisty_drupal5: DNE
gutsy_drupal5: not-affected (code not present)
hardy_drupal5: not-affected (code not present)
devel_drupal5: not-affected (code not present)
|