Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 06/10/2009 Updated: 08/10/2009

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Comment RSS 5.x prior to 5.x-2.2 and 6.x prior to 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote malicious users to obtain the node title and possibly other sensitive content by reading the feed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gabor_hojtsy commentrss 5.x-1.1
gabor_hojtsy commentrss 5.x-2.0
dave_reid commentrss 5.x-2.1
gabor_hojtsy commentrss 6.x-2.x
dave_reid commentrss 6.x-2.1
gabor_hojtsy commentrss 5.x-2.x
gabor_hojtsy commentrss 5.x-1.0
gabor_hojtsy commentrss 6.x-1.0
gabor_hojtsy commentrss 6.x-1.1
gabor_hojtsy commentrss 6.x-1.2
gabor_hojtsy commentrss 5.x-1.2
gabor_hojtsy commentrss 5.x-1.x
gabor_hojtsy commentrss 6.x-2.0

CWE-264 http://drupal.org/node/579292 http://drupal.org/node/579280 http://www.securityfocus.com/bid/36429 http://www.osvdb.org/58177 http://drupal.org/node/579290 http://secunia.com/advisories/36787 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3568

Vulnerability Summary

References

Vulmon Search

About

Products

Connect