Lucene search

[email protected]CVE-2009-0817

HistoryMar 05, 2009 - 2:30 a.m.

CVE-2009-0817

2009-03-0502:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-0817

cross-site scripting

xss

vulnerability

protected node module

drupal

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with “administer site configuration” permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

Affected configurations

NVD

Node

drupalprotected_node_moduleMatch5.x

drupalprotected_node_moduleMatch5.x-1.0

drupalprotected_node_moduleMatch5.x-1.2

drupalprotected_node_moduleMatch5.x-1.3

drupalprotected_node_moduleMatch5.x-1.x-dev

drupalprotected_node_moduleMatch6.x-1.0

drupalprotected_node_moduleMatch6.x-1.2

drupalprotected_node_moduleMatch6.x-1.3

drupalprotected_node_moduleMatch6.x-1.4

AND

drupaldrupal

CPENameOperatorVersion
drupal:protected_node_moduledrupal protected node moduleeq5.x
drupal:protected_node_moduledrupal protected node moduleeq5.x-1.0
drupal:protected_node_moduledrupal protected node moduleeq5.x-1.2
drupal:protected_node_moduledrupal protected node moduleeq5.x-1.3
drupal:protected_node_moduledrupal protected node moduleeq5.x-1.x-dev
drupal:protected_node_moduledrupal protected node moduleeq6.x-1.0
drupal:protected_node_moduledrupal protected node moduleeq6.x-1.2
drupal:protected_node_moduledrupal protected node moduleeq6.x-1.3
drupal:protected_node_moduledrupal protected node moduleeq6.x-1.4

CPE	Name	Operator	Version
drupal:protected_node_module	drupal protected node module	eq	5.x
drupal:protected_node_module	drupal protected node module	eq	5.x-1.0
drupal:protected_node_module	drupal protected node module	eq	5.x-1.2
drupal:protected_node_module	drupal protected node module	eq	5.x-1.3
drupal:protected_node_module	drupal protected node module	eq	5.x-1.x-dev
drupal:protected_node_module	drupal protected node module	eq	6.x-1.0
drupal:protected_node_module	drupal protected node module	eq	6.x-1.2
drupal:protected_node_module	drupal protected node module	eq	6.x-1.3
drupal:protected_node_module	drupal protected node module	eq	6.x-1.4

References

drupal.org/node/385950

drupal.org/node/386604

drupal.org/node/386606

lampsecurity.org/node/28

osvdb.org/52300

secunia.com/advisories/34060

www.vupen.com/english/advisories/2009/0572

exchange.xforce.ibmcloud.com/vulnerabilities/48980

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2009-0817

prion1 nvd1 cvelist1