CVE-2008-3218

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2008/07/10/3", "name": "[oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://drupal.org/node/280571", "name": "http://drupal.org/node/280571", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/30168", "name": "30168", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html", "name": "FEDORA-2008-6916", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html", "name": "FEDORA-2008-6415", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/31079", "name": "31079", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=454849", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454849", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html", "name": "FEDORA-2008-6411", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43704", "name": "drupal-taxonomyterms-xss(43704)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3218", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-07-18T16:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.3", "versionStartIncluding": "6.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-19T21:03Z"}