Description

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Remediation

References

CVE-2008-1133

Related Vulnerabilities

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2017-1000014)

WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

Severity

Medium

Classification

CVE-2008-1133 CWE-707

Tags

Missing Update Known Vulnerabilities