Lucene search

MitreCVE-2009-3206

HistorySep 16, 2009 - 5:30 p.m.

CVE-2009-3206

2009-09-1617:30:00

CWE-79

mitre

web.nvd.nist.gov

cve

2009

3206

xss

vulnerabilities

imagecache

module

drupal

nvd

security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with “administer imagecache” permissions, to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

drupaldrupal

AND

drewishimagecacheMatch5.x-1.0

drewishimagecacheMatch5.x-1.1

drewishimagecacheMatch5.x-1.2

drewishimagecacheMatch5.x-1.3

drewishimagecacheMatch5.x-1.4

drewishimagecacheMatch5.x-1.5

drewishimagecacheMatch5.x-1.6

drewishimagecacheMatch5.x-1.7

drewishimagecacheMatch5.x-1.xdev

drewishimagecacheMatch5.x-2.0

drewishimagecacheMatch5.x-2.0alpha

drewishimagecacheMatch5.x-2.0beta

drewishimagecacheMatch5.x-2.0rc1

drewishimagecacheMatch5.x-2.0rc2

drewishimagecacheMatch5.x-2.1

drewishimagecacheMatch5.x-2.2

drewishimagecacheMatch5.x-2.3

drewishimagecacheMatch5.x-2.4

drewishimagecacheMatch5.x-2.xdev

drewishimagecacheMatch6.x-1.0alpha1

drewishimagecacheMatch6.x-1.0alpha2

drewishimagecacheMatch6.x-2.0beta1

drewishimagecacheMatch6.x-2.0beta2

drewishimagecacheMatch6.x-2.0beta3

drewishimagecacheMatch6.x-2.0beta4

drewishimagecacheMatch6.x-2.0beta5

drewishimagecacheMatch6.x-2.0beta6

drewishimagecacheMatch6.x-2.0beta7

drewishimagecacheMatch6.x-2.0beta8

drewishimagecacheMatch6.x-2.0beta9

drewishimagecacheMatch6.x-2.x-dev

VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
drewishimagecache5.x-1.0cpe:2.3:a:drewish:imagecache:5.x-1.0:*:*:*:*:*:*:*
drewishimagecache5.x-1.1cpe:2.3:a:drewish:imagecache:5.x-1.1:*:*:*:*:*:*:*
drewishimagecache5.x-1.2cpe:2.3:a:drewish:imagecache:5.x-1.2:*:*:*:*:*:*:*
drewishimagecache5.x-1.3cpe:2.3:a:drewish:imagecache:5.x-1.3:*:*:*:*:*:*:*
drewishimagecache5.x-1.4cpe:2.3:a:drewish:imagecache:5.x-1.4:*:*:*:*:*:*:*
drewishimagecache5.x-1.5cpe:2.3:a:drewish:imagecache:5.x-1.5:*:*:*:*:*:*:*
drewishimagecache5.x-1.6cpe:2.3:a:drewish:imagecache:5.x-1.6:*:*:*:*:*:*:*
drewishimagecache5.x-1.7cpe:2.3:a:drewish:imagecache:5.x-1.7:*:*:*:*:*:*:*
drewishimagecache5.x-1.xcpe:2.3:a:drewish:imagecache:5.x-1.x:dev:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::
drewish	imagecache	5.x-1.0	cpe:2.3:a:drewish:imagecache:5.x-1.0:::::::*
drewish	imagecache	5.x-1.1	cpe:2.3:a:drewish:imagecache:5.x-1.1:::::::*
drewish	imagecache	5.x-1.2	cpe:2.3:a:drewish:imagecache:5.x-1.2:::::::*
drewish	imagecache	5.x-1.3	cpe:2.3:a:drewish:imagecache:5.x-1.3:::::::*
drewish	imagecache	5.x-1.4	cpe:2.3:a:drewish:imagecache:5.x-1.4:::::::*
drewish	imagecache	5.x-1.5	cpe:2.3:a:drewish:imagecache:5.x-1.5:::::::*
drewish	imagecache	5.x-1.6	cpe:2.3:a:drewish:imagecache:5.x-1.6:::::::*
drewish	imagecache	5.x-1.7	cpe:2.3:a:drewish:imagecache:5.x-1.7:::::::*
drewish	imagecache	5.x-1.x	cpe:2.3:a:drewish:imagecache:5.x-1.x:dev::::::

Rows per page:

1-10 of 321

References

drupal.org/node/554084

secunia.com/advisories/36412

exchange.xforce.ibmcloud.com/vulnerabilities/52594

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

36.7%

JSON

Related for CVE-2009-3206