CVE-2008-3218

{"id": "CVE-2008-3218", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-07-18T16:41:00.000", "references": [{"url": "http://drupal.org/node/280571", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31079", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/07/10/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30168", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=454849", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43704", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en versiones de Drupal 6.x anteriores a 6.3 permiten a atacantes remotos inyectar scripts web o HTML arbitrario a trav\u00e9s de vectores relacionados con (1) un etiquetado  libre de t\u00e9rminos de taxonom\u00eda, que no son manejados correctamente en el m\u00f3dulo de vista previa, y con (2) valores OpenID sin especificar."}], "lastModified": "2021-04-19T21:03:28.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2B32D57-2123-41FB-9594-AF40304999A9", "versionEndExcluding": "6.3", "versionStartIncluding": "6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}