WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3741)

Description

The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.

Remediation

References

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

OpenSSL Resource Management Errors Vulnerability (CVE-2015-1788)

WordPress Plugin WP Statistics SQL Injection (12.6.6.1)

WordPress Plugin Disclosure Policy 'abspath' Parameter Remote File Include (1.0)

Oracle Database Server CVE-2015-2655 Vulnerability (CVE-2015-2655)

Severity

Low

Classification

CVE-2008-3741 CWE-707

Tags

Missing Update Known Vulnerabilities