Description

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Remediation

References

CVE-2008-1133

Related Vulnerabilities

WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2)

PHP Data Processing Errors Vulnerability (CVE-2015-4026)

WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5)

Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3315)

Oracle Database Server CVE-2010-2390 Vulnerability (CVE-2010-2390)

Severity

Medium

Classification

CVE-2008-1133 CWE-707

Tags

Missing Update Known Vulnerabilities