exploitDog

CVE-2008-5999

Опубликовано: 28 янв. 2009

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

Ссылки

http://drupal.org/node/312968
Patch
Vendor Advisory
http://secunia.com/advisories/32009
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45412
http://drupal.org/node/312968
Patch
Vendor Advisory
http://secunia.com/advisories/32009
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45412

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:drupal:ajax_checklist:5.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00121

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h454-g9fh-9j7f

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

EPSS

Процентиль: 32%

0.00121

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79