Bug 435814 - (CVE-2008-1131) CVE-2008-1131,CVE-2008-1133 drupal new release fixes XSS issue
CVE-2008-1131,CVE-2008-1133 drupal new release fixes XSS issue
Status: CLOSED RAWHIDE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://drupal.org/node/227608
: Security
Depends On: 435815 435816 435817
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-03 18:20 EST by Lubomir Kundrak
Modified: 2008-03-05 11:25 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-03 20:44:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2008-03-03 18:20:25 EST
Titles are not escaped prior to being displayed on content edit forms, allowing
users to inject arbitrary HTML and script code into these pages.

The Drupal.checkPlain function, used to escape text in ECMAScript, contains a
bug which causes it to escape only the first instance of a character, allowing
users to inject arbitrary HTML and script code in certain pages.

http://drupal.org/node/227608
Comment 2 Lubomir Kundrak 2008-03-03 18:23:19 EST
CVE name requested for this.
Comment 3 Jon Ciesla 2008-03-03 20:44:43 EST
SA-2008-018 addressed in rawhide by 6.1, not present in 5.x branch for F-7 and F-8.
Comment 4 Lubomir Kundrak 2008-03-04 07:17:49 EST
Jon: Thanks!
Comment 5 Tomas Hoger 2008-03-04 09:03:09 EST
CVE-2008-1131:

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote
authenticated users to inject arbitrary web script or HTML via titles
in content edit forms.
Comment 6 Tomas Hoger 2008-03-05 11:25:26 EST
CVE-2008-1133:

The Drupal.checkPlain function in Drupal 6.0 only escapes the first
instance of a character in ECMAScript, which allows remote attackers
to conduct cross-site scripting (XSS) attacks.

Note You need to log in before you can comment on or make changes to this bug.