| Vulnerability Name: | CVE-2008-6170 (CCN-46052) |
| Assigned: | 2008-10-22 |
| Published: | 2008-10-22 |
| Updated: | 2017-08-17 |
| Summary: | Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N); 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2008-6170; Source: CCN Type: DRUPAL-SA-2008-067 Drupal core - Multiple vulnerabilities; Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/324824; Source: CCN Type: SA32297 Drupal Book Page Title Script Insertion; Source: SECUNIA Type: Vendor Advisory 32297; Source: SECUNIA Type: UNKNOWN 32441; Source: CCN Type: OSVDB ID: 49246 Drupal Book Page Titles Unspecified XSS; Source: BID Type: UNKNOWN 31882; Source: CCN Type: BID-31882 Drupal Book Page Title HTML Injection Vulnerability; Source: VUPEN Type: UNKNOWN ADV-2008-2913; Source: XF Type: UNKNOWN drupal-book-page-xss(46052); Source: FEDORA Type: UNKNOWN FEDORA-2008-9170; Source: FEDORA Type: UNKNOWN FEDORA-2008-9213 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |