Cross-Site Scripting Vulnerability in User Karma Module for Drupal
CVE-2008-6275

Currently unrated

Key Information:

Vendor: Drupal
Status: User Karma Module
Vendor: CVE Published:; 25 February 2009

What is CVE-2008-6275?

The User Karma module for Drupal is affected by a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web scripts or HTML through unspecified messages. This flaw manifests in versions 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, potentially enabling exploitation that could compromise user data and system integrity. Users and administrators are advised to upgrade to the latest versions to mitigate risks associated with this security issue.

References

http://drupal.org/node/339553

x_refsource_CONFIRM

http://secunia.com/advisories/32904

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46947

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2009
Vulnerability Reserved
Feb 25, 2009