CVE-2008-0276

Drupal - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

References (2)

[Various Sources] http://drupal.org/node/208524

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39606

Scores

EPSS 0.0023

EPSS Percentile 45.5%

Classification

CWE

CWE-79

Status draft

Affected Products (48)

drupal/drupal

... and 33 more

Timeline

Published Jan 15, 2008

Tracked Since Feb 18, 2026