CVE-2008-3219
Description
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not prevent use of the object HTML tag in administrator input, which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.
Risk Information
Base Score
6.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.583
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update drupal 6 to latest version | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234