Cross-Site Scripting Vulnerability in Drupal Link to Us Module by Greg Holsclaw
CVE-2008-4149

Currently unrated

Key Information:

Vendor: Drupal
Status: Link To Us
Vendor: CVE Published:; 24 September 2008

What is CVE-2008-4149?

The Link to Us module for Drupal is susceptible to a cross-site scripting (XSS) vulnerability that enables remote authenticated users to inject arbitrary web scripts or HTML into the site. The flaw resides in the handling of the 'Link page header' field, which can be exploited to execute malicious scripts, potentially compromising user data and site integrity. This vulnerability highlights the importance of input validation and sanitization in web applications to prevent unauthorized script execution.

References

http://drupal.org/node/309861

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/2618

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/31224

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2008
Vulnerability Reserved
Sep 19, 2008

CVE-2008-4149 Data

JSON