CVE-2008-1131

Publication date 4 March 2008

Last updated 24 July 2024

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
drupal	7.10 gutsy	Not in release
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
drupal5	7.10 gutsy	Not affected
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

drupal 6.0 only (Debian says code not present in drupal 5)

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1131