CVE-2008-4710
Description
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) vulnerability in Stock module for Drupal 6.x allows remote attackers to inject arbitrary web script or HTML via the stock quotes page.
Vulnerability
The Stock module for Drupal 6.x provides stock quotes functionality. A menu permissions oversight in versions prior to 6.x-1.0 allows any user to modify the heading text of the stock quotes page. This text is not properly escaped, leading to a cross-site scripting (XSS) vulnerability [1].
Exploitation
An attacker, without requiring authentication, can change the heading text by exploiting the access bypass. Arbitrary HTML and script code can be injected into the page [1].
Impact
Successful exploitation allows remote attackers to inject arbitrary web script or HTML, resulting in cross-site scripting attacks that could lead to session hijacking, defacement, or other malicious activities [1].
Mitigation
Users should upgrade to Stock 6.x-1.0, which fixes the issue. No other mitigation is available [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:a:drupal:stock_module:6x:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.