CVE-2008-0273

Опубликовано: 15 янв. 2008

Источник: ubuntu

Приоритет: low

CVSS2: 4.3

Описание

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

Релиз	Статус	Примечание
dapper	ignored	end of life
devel	DNE
edgy	ignored	end of life, was needed
feisty	released	5.1-0ubuntu2.3
gutsy	DNE
hardy	DNE
intrepid	DNE
jaunty	DNE
karmic	DNE
upstream	released	4.7.11, 5.6

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	DNE
edgy	DNE
feisty	DNE
gutsy	released	5.2-2ubuntu2.2
hardy	not-affected	5.6-1ubuntu1
intrepid	not-affected	5.6-1ubuntu1
jaunty	not-affected	5.6-1ubuntu1
karmic	not-affected	5.6-1ubuntu1
upstream	released	5.6

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-0273

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2008-0273

nvd

больше 17 лет назад

CVE-2008-0273

debian

больше 17 лет назад

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ...

GHSA-8qf4-w3v3-j532

github

около 3 лет назад

4.3 Medium

CVSS2

CVE-2008-0273

Описание

Пакет drupal

Пакет drupal5

Ссылки на источники

Связанные уязвимости