Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Quiz | 5.x |
Related Weaknesses (CWE)
References
- http://drupal.org/node/481270Patch
- http://drupal.org/node/481274PatchVendor Advisory
- http://drupal.org/node/481308
- http://osvdb.org/54880Patch
- http://secunia.com/advisories/35345Vendor Advisory
- http://www.securityfocus.com/bid/35199Patch
- http://drupal.org/node/481270Patch
- http://drupal.org/node/481274PatchVendor Advisory
- http://drupal.org/node/481308
- http://osvdb.org/54880Patch
- http://secunia.com/advisories/35345Vendor Advisory
- http://www.securityfocus.com/bid/35199Patch
FAQ
What is CVE-2009-1942?
CVE-2009-1942 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz...
How severe is CVE-2009-1942?
CVE-2009-1942 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1942?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Quiz.