Published: 29/05/2009 Updated: 17/08/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x prior to 5.x-4.7 and 6.x prior to 6.x-1.7, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal print 5.x-2.2
drupal print 5.x-2.x-dev
drupal print 5.x-3.6
drupal print 5.x-3.7
drupal print 6.x-1.1
drupal print 6.x-1.2
drupal print 5.x-4.3
drupal print 5.x-4.4
drupal print 5.x-1.0
drupal print 5.x-1.1
drupal print 5.x-1.2
drupal print 5.x-3.2
drupal print 5.x-3.3
drupal print 6.x-1.0-rc4
drupal print 6.x-1.0-rc5
drupal print 6.x-1.6
drupal print 5.x-4.0
drupal print 5.x-1.x-dev
drupal print 5.x-2.1
drupal print 5.x-3.4
drupal print 5.x-3.5
drupal print 6.x-1.0-rc8
drupal print 6.x-1.0-rc9
drupal print 5.x-4.1
drupal print 5.x-4.2
drupal print 5.x
drupal print 5.x-3.0
drupal print 5.x-3.1
drupal print 6.x-1.0
drupal print 6.x-1.0-rc3
drupal print 6.x-1.3
drupal print 6.x-1.4
drupal print 6.x-1.5
drupal print 5.x-4.5
drupal print 5.x-4.6

CWE-79 http://secunia.com/advisories/35040 http://osvdb.org/54427 http://www.securityfocus.com/bid/34954 http://www.vupen.com/english/advisories/2009/1320 http://drupal.org/node/461674 https://exchange.xforce.ibmcloud.com/vulnerabilities/50523 https://nvd.nist.gov

CVE-2009-1823

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect