CVE-2008-3740: XSS
First published: Wed Aug 27 2008(Updated: )
Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal | =5.4 | |
| Drupal | =6.2 | |
| Drupal | =5.2 | |
| Drupal | =5.7 | |
| Drupal | =5.0 | |
| Drupal | =6.1 | |
| Drupal | =5.6 | |
| Drupal | =5.1 | |
| Drupal | =5.5 | |
| Drupal | =6.0 | |
| Drupal | =5.9 | |
| Drupal | =5.8 | |
| Drupal | =5.3 | |
| Drupal | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://drupal.org/node/295053
- http://secunia.com/advisories/31825
- http://www.securityfocus.com/bid/30689
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
- http://secunia.com/advisories/31462
- http://www.vupen.com/english/advisories/2008/2392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44445
Frequently Asked Questions
What is the severity of CVE-2008-3740?
CVE-2008-3740 is classified as a medium severity vulnerability affecting Drupal before versions 5.10 and 6.4.
How do I fix CVE-2008-3740?
To fix CVE-2008-3740, update your Drupal installation to version 5.10 or later for Drupal 5.x and 6.4 or later for Drupal 6.x.
What types of attacks can exploit CVE-2008-3740?
CVE-2008-3740 can be exploited through cross-site scripting (XSS) attacks that allow remote attackers to inject arbitrary web scripts or HTML.
Which Drupal versions are affected by CVE-2008-3740?
CVE-2008-3740 affects Drupal versions 5.x prior to 5.10 and 6.x prior to 6.4.
Is it safe to use Drupal 5.9 or earlier after the discovery of CVE-2008-3740?
No, using Drupal 5.9 or earlier is unsafe due to the vulnerabilities listed under CVE-2008-3740; it is recommended to update to a patched version.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/drupal
- canonical/drupal
- version/drupal/5.4
- version/drupal/6.2
- version/drupal/5.2
- version/drupal/5.7
- version/drupal/5.0
- version/drupal/6.1
- version/drupal/5.6
- version/drupal/5.1
- version/drupal/5.5
- version/drupal/6.0
- version/drupal/5.9
- version/drupal/5.8
- version/drupal/5.3
- version/drupal/6.3