VulnerableCode Vulnerability Details - VCID-65sy-13ax-4kcm

Search for vulnerabilities

Vulnerability details: VCID-65sy-13ax-4kcm

Essentials
Severities (13)
References (14)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-65sy-13ax-4kcm
Aliases	CVE-2008-3218 GHSA-6cj8-c359-p7q9
Summary	Drupal vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://drupal.org/node/280571
epss	0.00518	https://api.first.org/data/v1/epss?cve=CVE-2008-3218
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=454849
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/43704
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-6cj8-c359-p7q9
generic_textual	MODERATE	https://github.com/drupal/drupal
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2008-3218
generic_textual	MODERATE	https://web.archive.org/web/20080804010537/http://secunia.com/advisories/31079
generic_textual	MODERATE	https://web.archive.org/web/20081007110725/http://www.securityfocus.com/bid/30168
generic_textual	MODERATE	https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
generic_textual	MODERATE	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
generic_textual	MODERATE	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2008/07/10/3

Reference id	Reference type	URL
		http://drupal.org/node/280571
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3218.json
		https://api.first.org/data/v1/epss?cve=CVE-2008-3218
		https://bugzilla.redhat.com/show_bug.cgi?id=454849
		https://exchange.xforce.ibmcloud.com/vulnerabilities/43704
		https://github.com/drupal/drupal
		https://nvd.nist.gov/vuln/detail/CVE-2008-3218
		https://web.archive.org/web/20080804010537/http://secunia.com/advisories/31079
		https://web.archive.org/web/20081007110725/http://www.securityfocus.com/bid/30168
		https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
		https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
		https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
		http://www.openwall.com/lists/oss-security/2008/07/10/3
GHSA-6cj8-c359-p7q9		https://github.com/advisories/GHSA-6cj8-c359-p7q9

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.65762
EPSS Score	0.00518
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:09.141755+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6cj8-c359-p7q9/GHSA-6cj8-c359-p7q9.json	36.1.3