Description

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Remediation

References

CVE-2008-1133

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2020-25097)

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0307)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.31)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)

WordPress Plugin Email Subscribers & Newsletters Security Bypass (3.5.13)

Severity

Medium

Classification

CVE-2008-1133 CWE-707

Tags

Missing Update Known Vulnerabilities