Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2009-4429

Published: 28/12/2009 Updated: 17/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 360
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Sections Module

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the Sections module 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).

Vulnerable Product Search on Vulmon Subscribe to Product

alexander_hass sections_module 5.x-1.2

alexander_hass sections_module 6.x-1.x-dev

alexander_hass sections_module 6.x-1.1

alexander_hass sections_module 6.x-1.0

alexander_hass sections_module 5.x-1.x-dev

alexander_hass sections_module 6.x-1.2

alexander_hass sections_module 5.x-1.1

alexander_hass sections_module 5.x-1.0

Exploits

Exploit DB: Drupal Module Sections 5.x-1.2/6.x-1.2 - HTML Injection
source: wwwsecurityfocuscom/bid/37371/info The Sections module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected brows ...
Exploit DB: Drupal Module Sections - Cross-Site Scripting
The text of this announcment is also available at wwwmadirishnet/?article=440 Description of Vulnerability: - - - ----------------------------- Drupal (drupalorg) is a robust content management system (CMS) written in PHP and MySQL that provides extensibility through various third party modules The Sections module (drupal ...

References

CWE-79http://www.madirish.net/?article=440http://www.osvdb.org/61107http://www.securityfocus.com/bid/37371http://drupal.org/node/661404http://secunia.com/advisories/37752https://exchange.xforce.ibmcloud.com/vulnerabilities/54860https://nvd.nist.govhttps://www.exploit-db.com/exploits/33410/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook