CVE-2008-0274

N/A Unknown

Published: January 15, 2008 Modified: April 23, 2026

Description

Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://drupal.org/node/208565

Source: cve@mitre.org

http://secunia.com/advisories/28422

Source: cve@mitre.org

Patch

http://secunia.com/advisories/28486

Source: cve@mitre.org

http://www.securityfocus.com/bid/27238

Source: cve@mitre.org

Patch

http://www.vbdrupal.org/forum/showthread.php?p=6878

Source: cve@mitre.org

http://www.vbdrupal.org/forum/showthread.php?t=1349

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0127

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0134

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/39605

Source: cve@mitre.org

http://drupal.org/node/208565