Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Protected Node Module | 5.x |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/385950ExploitVendor Advisory
- http://drupal.org/node/386604PatchVendor Advisory
- http://drupal.org/node/386606PatchVendor Advisory
- http://lampsecurity.org/node/28ExploitURL Repurposed
- http://osvdb.org/52300
- http://secunia.com/advisories/34060Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0572PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48980
- http://drupal.org/node/385950ExploitVendor Advisory
- http://drupal.org/node/386604PatchVendor Advisory
- http://drupal.org/node/386606PatchVendor Advisory
- http://lampsecurity.org/node/28ExploitURL Repurposed
- http://osvdb.org/52300
- http://secunia.com/advisories/34060Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0572PatchVendor Advisory
FAQ
What is CVE-2009-0817?
CVE-2009-0817 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configurat...
How severe is CVE-2009-0817?
CVE-2009-0817 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0817?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Protected Node Module, Drupal Drupal.