Vulnerability Description
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 5.0 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/449078PatchVendor Advisory
- http://secunia.com/advisories/34948Vendor Advisory
- http://secunia.com/advisories/34950Vendor Advisory
- http://secunia.com/advisories/34980
- http://www.debian.org/security/2009/dsa-1792
- http://www.osvdb.org/54152Patch
- http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953PatchVendor Advisory
- http://www.vupen.com/english/advisories/2009/1216PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50250
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.html
- http://drupal.org/node/449078PatchVendor Advisory
- http://secunia.com/advisories/34948Vendor Advisory
- http://secunia.com/advisories/34950Vendor Advisory
- http://secunia.com/advisories/34980
FAQ
What is CVE-2009-1575?
CVE-2009-1575 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UT...
How severe is CVE-2009-1575?
CVE-2009-1575 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1575?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.