CVE-2008-1980
Description
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in E-Publish Drupal module allows remote attackers to inject arbitrary web script or HTML via unescaped values, potentially leading to administrator access.
Vulnerability
The E-Publish module for Drupal 5.x and 6.x contains a cross-site scripting (XSS) vulnerability because several values are displayed without proper escaping [1]. This affects E-Publish for Drupal 5.x before version 5.x-1.1 and E-Publish for Drupal 6.x before version 6.x-1.0-beta1 [1].
Exploitation
An attacker can inject arbitrary HTML and script code by providing crafted input through unspecified vectors [1]. No authentication is required; the attack is remote and can be triggered by any user viewing the affected pages. The injected code executes in the context of the victim's browser session.
Impact
Successful exploitation of the XSS vulnerability can lead to administrator access [1]. An attacker may steal session cookies, perform actions on behalf of the victim, or escalate privileges within the Drupal site.
Mitigation
Users should upgrade to the fixed versions: E-Publish 5.x-1.1 for Drupal 5.x, or E-Publish 6.x-1.0-beta1 for Drupal 6.x [1]. No workarounds are provided. The advisory was published on April 23, 2008.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.