CVE-2008-5996

Published Jan 28, 2009

Last updated 8 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:link3:simplenews:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1FCE644-458F-44DF-8ED3-6E43B5BCABF6",
            "versionEndIncluding": "5.x-1.4"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:*:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5F92839-FAE7-4E6C-BB90-3FDE4A2069B5",
            "versionEndIncluding": "6.x-1.0"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:4.6.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6900A327-F89A-4265-9AF4-6F9D4A473591"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:4.7.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA6B5388-E9CF-4C6F-B53F-FDCA393359BB"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:4.7.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2638AB1A-3ABE-4F3F-A8F8-F0DE4F2C8E0D"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:4.7.x-2.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F8AE487-762C-45EA-A31A-C60B7EA08953"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57048EDA-F42A-4B61-AE79-DE21C7EE471E"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44FAA0DC-762A-4369-8ACB-F30ECCBA126F"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64B9BF62-1ACC-482A-BE14-061755462940"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "467582B5-94EB-4EF4-8BA3-B90CCC4B4524"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:5.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7A5BBAA-E065-40D2-B0B0-EF4FFE9D2487"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:6.x-1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC9A538F-A1C9-41C1-BA54-D8785048D0BB"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:6.x-1.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "525120D7-08A8-47A0-94AE-1B961D9BD7E6"
          },
          {
            "criteria": "cpe:2.3:a:link3:simplenews:6.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A46446C2-E96A-494E-AD8B-A576D229B0BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References