Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2008-3218 - Vulnerability Database

Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2008-3218

Medium

Reference: CVE-2008-3218

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-3218

Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms which are not properly handled on node preview pages and (2) unspecified OpenID values.