CVE-2008-6170

Publication date 19 February 2009

Last updated 24 July 2024

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
drupal5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 5.10-1ubuntu1.1
	8.04 LTS hardy	Fixed 5.7-1ubuntu1.2
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
drupal6	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

SA-2008-067

References

MITRE
NVD
Launchpad
Debian

Other references

http://drupal.org/node/324824
https://www.cve.org/CVERecord?id=CVE-2008-6170