Vulnerability Description
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Darren Oh | Xml Sitemap | 5.x-1.6 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/591724PatchVendor Advisory
- http://drupal.org/node/591732PatchVendor Advisory
- http://www.securityfocus.com/bid/36556Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53572
- http://drupal.org/node/591724PatchVendor Advisory
- http://drupal.org/node/591732PatchVendor Advisory
- http://www.securityfocus.com/bid/36556Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53572
FAQ
What is CVE-2009-3653?
CVE-2009-3653 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permissi...
How severe is CVE-2009-3653?
CVE-2009-3653 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3653?
Check the references section above for vendor advisories and patch information. Affected products include: Darren Oh Xml Sitemap, Drupal Drupal.