Lucene search

[email protected]NVD:CVE-2009-4063

HistoryNov 24, 2009 - 2:30 a.m.

CVE-2009-4063

2009-11-2402:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.

Affected configurations

Nvd

Node

drupaldrupal

AND

ezra_barnett_gildesgameog_subgroupsMatch5.x-1.xdev

ezra_barnett_gildesgameog_subgroupsMatch5.x-2.0

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.0

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.0dev

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.1

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.2

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.3

ezra_barnett_gildesgameog_subgroupsMatch5.x-3.xdev

ezra_barnett_gildesgameog_subgroupsMatch5.x-4.xdev

VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-1.xcpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-1.x:dev:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-2.0cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-2.0:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.0cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.0cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:dev:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.1cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.1:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.2cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.2:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.3cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.3:*:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-3.xcpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.x:dev:*:*:*:*:*:*
ezra_barnett_gildesgameog_subgroups5.x-4.xcpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-4.x:dev:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::
ezra_barnett_gildesgame	og_subgroups	5.x-1.x	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-1.x:dev::::::
ezra_barnett_gildesgame	og_subgroups	5.x-2.0	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-2.0:::::::*
ezra_barnett_gildesgame	og_subgroups	5.x-3.0	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:::::::*
ezra_barnett_gildesgame	og_subgroups	5.x-3.0	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:dev::::::
ezra_barnett_gildesgame	og_subgroups	5.x-3.1	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.1:::::::*
ezra_barnett_gildesgame	og_subgroups	5.x-3.2	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.2:::::::*
ezra_barnett_gildesgame	og_subgroups	5.x-3.3	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.3:::::::*
ezra_barnett_gildesgame	og_subgroups	5.x-3.x	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.x:dev::::::
ezra_barnett_gildesgame	og_subgroups	5.x-4.x	cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-4.x:dev::::::

References

drupal.org/node/630004

drupal.org/node/636562

osvdb.org/60287

secunia.com/advisories/37438

www.securityfocus.com/bid/37056

exchange.xforce.ibmcloud.com/vulnerabilities/54341

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Related for NVD:CVE-2009-4063

prion1 cvelist1 cve1