Back to search
CVE-2008-3741
Published: Aug 27, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=459108
x_refsource_CONFIRM
30689
vdb-entry
x_refsource_BID
31825
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2392
vdb-entry
x_refsource_VUPEN
FEDORA-2008-7626
vendor-advisory
x_refsource_FEDORA
drupal-mimemedia-xss(44446)
vdb-entry
x_refsource_XF
http://drupal.org/node/295053
x_refsource_CONFIRM
FEDORA-2008-7467
vendor-advisory
x_refsource_FEDORA
31462
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now