CVE-2008-1133

Drupal 6.0 - XSS

Title source: llm

Description

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

References (3)

[Patch, Vendor Advisory] http://drupal.org/node/227608

[Third Party Advisory] http://secunia.com/advisories/29118

[Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28026

Scores

EPSS 0.0043

EPSS Percentile 62.5%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

drupal/drupal

Timeline

Published Mar 04, 2008

Tracked Since Feb 18, 2026