CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-4152

Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v2 Score 3.5

References

http://drupal.org/node/309758
http://secunia.com/advisories/31908
http://www.securityfocus.com/bid/31236
http://www.vupen.com/english/advisories/2008/2615
https://exchange.xforce.ibmcloud.com/vulnerabilities/45222
http://drupal.org/node/309758
http://secunia.com/advisories/31908
http://www.securityfocus.com/bid/31236
http://www.vupen.com/english/advisories/2008/2615
https://exchange.xforce.ibmcloud.com/vulnerabilities/45222

Products affected by CVE-2008-4152

Drupal » Talk » Version: Any

cpe:2.3:a:drupal:talk:*
Drupal » Talk » Version: 5.x-1.0

cpe:2.3:a:drupal:talk:5.x-1.0
Drupal » Talk » Version: 5.x-1.1

cpe:2.3:a:drupal:talk:5.x-1.1
Drupal » Talk » Version: 6.x-1.0

cpe:2.3:a:drupal:talk:6.x-1.0
Drupal » Talk » Version: 6.x-1.1

cpe:2.3:a:drupal:talk:6.x-1.1
Drupal » Talk » Version: 6.x-1.2

cpe:2.3:a:drupal:talk:6.x-1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4152

Products

Pricing

Contact Us