Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-01-15 20:00
Updated : 2024-02-04 17:13
NVD link : CVE-2008-0274
Mitre link : CVE-2008-0274
CVE.ORG link : CVE-2008-0274
JSON object : View
Products Affected
drupal
- drupal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')