CVE-2009-4524

2009-12-3119:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.

References

drupal.org/node/604760

osvdb.org/58944

secunia.com/advisories/37058

www.securityfocus.com/bid/36699

www.vupen.com/english/advisories/2009/2921

exchange.xforce.ibmcloud.com/vulnerabilities/53787