CVE-2009-4061

Опубликовано: 24 нояб. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://drupal.org/node/631538
Patch
http://drupal.org/node/636568
Patch
Vendor Advisory
http://osvdb.org/60274
http://secunia.com/advisories/37437
Vendor Advisory
http://www.securityfocus.com/bid/37057
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54342
http://drupal.org/node/631538
Patch
http://drupal.org/node/636568
Patch
Vendor Advisory
http://osvdb.org/60274
http://secunia.com/advisories/37437
Vendor Advisory
http://www.securityfocus.com/bid/37057
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54342

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:yuriy_babenko:agreement_module:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:yuriy_babenko:agreement_module:6.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:yuriy_babenko:agreement_module:6.x-1.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00404

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j6pq-jv3j-chw7

github

около 3 лет назад