CVE-2008-0276
Drupal Devel module < 5.x-0.1 - Cross-Site Scripting via Site Variable
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39606
Various Sources x_refsource_confirm
http://drupal.org/node/208524
Scores
EPSS
0.0023
EPSS Percentile
45.6%
Details
CWE
CWE-79
Status
published
Products (48)
drupal/drupal
4.0.0
drupal/drupal
4.1.0
drupal/drupal
4.2.0_rc
drupal/drupal
4.4
drupal/drupal
4.4.1
drupal/drupal
4.4.2
drupal/drupal
4.4.3
drupal/drupal
4.5
drupal/drupal
4.5.1
drupal/drupal
4.5.2
... and 38 more
Published
Jan 15, 2008
Tracked Since
Feb 18, 2026