CVE-2009-3915

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/620662	Patch Vendor Advisory
http://drupal.org/node/620668	Patch Vendor Advisory
http://drupal.org/node/623562	Patch Vendor Advisory
http://osvdb.org/59672
http://secunia.com/advisories/37289	Vendor Advisory
http://www.securityfocus.com/bid/36928	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54142
http://drupal.org/node/620662	Patch Vendor Advisory
http://drupal.org/node/620668	Patch Vendor Advisory
http://drupal.org/node/623562	Patch Vendor Advisory
http://osvdb.org/59672
http://secunia.com/advisories/37289	Vendor Advisory
http://www.securityfocus.com/bid/36928	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54142

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:john_c_fiala:link:5.x-1.1:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-1.2:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-1.3:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-1.4:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-1.5:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-1.x-dev:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.0:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.1:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.2:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.3:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.3.1:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.4:::::::*
	cpe:2.3:a:john_c_fiala:link:5.x-2.5:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-1.x-dev:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.1:beta1::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.1:beta2::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.1:beta3::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.1:beta4::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.2:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.3:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.3.1:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.5:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.6:::::::*
	cpe:2.3:a:john_c_fiala:link:6.x-2.6:beta1::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.6:beta2::::::
	cpe:2.3:a:john_c_fiala:link:6.x-2.6:beta3::::::

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/620662 - Patch, Vendor Advisory~~	() http://drupal.org/node/620662 - Patch, Vendor Advisory
References	~~() http://drupal.org/node/620668 - Patch, Vendor Advisory~~	() http://drupal.org/node/620668 - Patch, Vendor Advisory
References	~~() http://drupal.org/node/623562 - Patch, Vendor Advisory~~	() http://drupal.org/node/623562 - Patch, Vendor Advisory
References	~~() http://osvdb.org/59672 -~~	() http://osvdb.org/59672 -
References	~~() http://secunia.com/advisories/37289 - Vendor Advisory~~	() http://secunia.com/advisories/37289 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/36928 - Patch~~	() http://www.securityfocus.com/bid/36928 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54142 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54142 -

Information

Published : 2009-11-09 17:30

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3915

Mitre link : CVE-2009-3915

CVE.ORG link : CVE-2009-3915

JSON object : View

Products Affected

john_c_fiala

link

drupal

drupal

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10