First published: Sun Apr 27 2008(Updated: )
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal | <=5.0 | |
Drupal E-publish | <=5-1.1 | |
Drupal E-publish | <=6-1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-1980 has a moderate severity due to its potential for cross-site scripting attacks.
To fix CVE-2008-1980, update E-Publish to version 5.x-1.1 or 6.x-1.0 beta1 or later.
CVE-2008-1980 can facilitate cross-site scripting (XSS) attacks, allowing attackers to inject malicious scripts into web pages.
CVE-2008-1980 affects E-Publish versions prior to 5.x-1.1 and 6.x-1.0 beta1.
Yes, CVE-2008-1980 allows remote attackers to exploit the vulnerability without local access.