Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2008-3219
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.