CVE-2008-5996
Published Jan 28, 2009
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:link3:simplenews:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1FCE644-458F-44DF-8ED3-6E43B5BCABF6",
"versionEndIncluding": "5.x-1.4"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:*:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5F92839-FAE7-4E6C-BB90-3FDE4A2069B5",
"versionEndIncluding": "6.x-1.0"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:4.6.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6900A327-F89A-4265-9AF4-6F9D4A473591"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:4.7.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA6B5388-E9CF-4C6F-B53F-FDCA393359BB"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:4.7.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2638AB1A-3ABE-4F3F-A8F8-F0DE4F2C8E0D"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:4.7.x-2.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F8AE487-762C-45EA-A31A-C60B7EA08953"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:5.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57048EDA-F42A-4B61-AE79-DE21C7EE471E"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:5.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44FAA0DC-762A-4369-8ACB-F30ECCBA126F"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:5.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64B9BF62-1ACC-482A-BE14-061755462940"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:5.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "467582B5-94EB-4EF4-8BA3-B90CCC4B4524"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:5.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A5BBAA-E065-40D2-B0B0-EF4FFE9D2487"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:6.x-1.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC9A538F-A1C9-41C1-BA54-D8785048D0BB"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:6.x-1.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "525120D7-08A8-47A0-94AE-1B961D9BD7E6"
},
{
"criteria": "cpe:2.3:a:link3:simplenews:6.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A46446C2-E96A-494E-AD8B-A576D229B0BC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]