CVE-2008-3218
Drupal 6.0-6.2 - Cross-Site Scripting via Taxonomy Term Preview and OpenID Values
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30168
Vendor Advisory x_refsource_confirm
http://drupal.org/node/280571
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43704
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=454849
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31079
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/10/3
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Scores
EPSS
0.0092
EPSS Percentile
76.3%
Details
CWE
CWE-79
Status
published
Products (4)
drupal/drupal
6.0 - 6.3
drupal/drupal
6.0 - 6.3Packagist
fedoraproject/fedora
8
fedoraproject/fedora
9
Published
Jul 18, 2008
Tracked Since
Feb 18, 2026