Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2009-4369

Опубликовано: 21 дек. 2009
Источник: debian
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
drupal6fixed6.15-1package
drupal6fixed6.6-3lenny4lennypackage
drupal5fixed5.21-1package
drupal5no-dsalennypackage

EPSS

Процентиль: 49%
0.00256
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2009-4369

ubuntu
больше 15 лет назад

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

nvd логотип

CVE-2009-4369

nvd
больше 15 лет назад

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

github логотип

GHSA-3rm3-gj9m-589h

github
около 3 лет назад

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

EPSS

Процентиль: 49%
0.00256
Низкий