CVE-2008-0274

medium

Description

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39605

http://www.vupen.com/english/advisories/2008/0134

http://www.vupen.com/english/advisories/2008/0127

http://www.vbdrupal.org/forum/showthread.php?t=1349

http://www.vbdrupal.org/forum/showthread.php?p=6878

http://www.securityfocus.com/bid/27238

http://secunia.com/advisories/28486

http://secunia.com/advisories/28422

http://drupal.org/node/208565

Details

Source: Mitre, NVD

Published: 2008-01-15

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0065

Detections

Analytics