Unrated severityNVD Advisory· Published Sep 24, 2008· Updated Jun 16, 2026
CVE-2008-4149
CVE-2008-4149
Description
Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:drupal:link_to_us:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:drupal:link_to_us:*:*:*:*:*:*:*:*range: <=5.x-1.0
- cpe:2.3:a:drupal:link_to_us:5.x-1.x-dev:*:*:*:*:*:*:*
- Range: <5.x-1.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.