CVE-2009-0817

2009-03-0502:00:00

mitre

www.cve.org

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with “administer site configuration” permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

References

drupal.org/node/385950

drupal.org/node/386604

drupal.org/node/386606

lampsecurity.org/node/28

osvdb.org/52300

secunia.com/advisories/34060

www.vupen.com/english/advisories/2009/0572

exchange.xforce.ibmcloud.com/vulnerabilities/48980