CVE-2009-2076

Опубликовано: 16 июн. 2009

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

Ссылки

http://drupal.org/node/488068
Patch
Vendor Advisory
http://drupal.org/node/488082
Patch
http://lampsecurity.org/drupal-views-xss-vulnerability
Exploit
URL Repurposed
http://secunia.com/advisories/35425
Vendor Advisory
http://www.securityfocus.com/bid/35304
http://drupal.org/node/488068
Patch
Vendor Advisory
http://drupal.org/node/488082
Patch
http://lampsecurity.org/drupal-views-xss-vulnerability
Exploit
URL Repurposed
http://secunia.com/advisories/35425
Vendor Advisory
http://www.securityfocus.com/bid/35304

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:drupal:views:6.x-2.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:views:6.x-2.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:views:6.x-2.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:views:6.x-2.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:views:6.x-2.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:views:6.x-2.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2009-2076

debian

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...

GHSA-39m7-7p2w-vfpx

github

около 3 лет назад