4.3
CVSSv2

CVE-2008-0273

Published: 15/01/2008 Updated: 08/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Interpretation conflict in Drupal 4.7.x prior to 4.7.11 and 5.x prior to 5.6, when Internet Explorer 6 is used, allows remote malicious users to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

Vulnerable Product Search on Vulmon Subscribe to Product

drupal drupal 4.0.0

drupal drupal 4.1.0

drupal drupal 4.2.0_rc

drupal drupal 4.4

drupal drupal 4.4.1

drupal drupal 4.4.2

drupal drupal 4.4.3

drupal drupal 4.5

drupal drupal 4.5.1

drupal drupal 4.5.2

drupal drupal 4.5.3

drupal drupal 4.5.4

drupal drupal 4.5.5

drupal drupal 4.5.6

drupal drupal 4.5.7

drupal drupal 4.5.8

drupal drupal 4.6

drupal drupal 4.6.1

drupal drupal 4.6.2

drupal drupal 4.6.3

drupal drupal 4.6.4

drupal drupal 4.6.5

drupal drupal 4.6.6

drupal drupal 4.6.7

drupal drupal 4.6.8

drupal drupal 4.6.9

drupal drupal 4.6.10

drupal drupal 4.6.11

drupal drupal 4.7

drupal drupal 4.7.1

drupal drupal 4.7.2

drupal drupal 4.7.3

drupal drupal 4.7.4

drupal drupal 4.7.5

drupal drupal 4.7.6

drupal drupal 4.7.7

drupal drupal 4.7.8

drupal drupal 4.7.9

drupal drupal 4.7.10

drupal drupal 4.7_rev_1.2

drupal drupal 4.7_rev_1.15

drupal drupal 5.0

drupal drupal 5.1

drupal drupal 5.1_rev1.1

drupal drupal 5.2

drupal drupal 5.3

drupal drupal 5.4

drupal drupal 5.5.