Cross site scripting

2009-03-0502:30:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with “administer site configuration” permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

CPENameOperatorVersion
protected_node_moduleeq5.0.120
protected_node_moduleeq5.120.10
protected_node_moduleeq5.120.12
protected_node_moduleeq5.120.13
protected_node_moduleeq5.0.0-x1-xdev
protected_node_moduleeq6.120.10
protected_node_moduleeq6.120.12
protected_node_moduleeq6.120.13
protected_node_moduleeq6.120.14

Name	Operator	Version
protected_node_module	eq	5.0.120
protected_node_module	eq	5.120.10
protected_node_module	eq	5.120.12
protected_node_module	eq	5.120.13
protected_node_module	eq	5.0.0-x1-xdev
protected_node_module	eq	6.120.10
protected_node_module	eq	6.120.12
protected_node_module	eq	6.120.13
protected_node_module	eq	6.120.14

References

lampsecurity.org/node/28

osvdb.org/52300

secunia.com/advisories/34060

www.vupen.com/english/advisories/2009/0572

drupal.org/node/385950

drupal.org/node/386604

drupal.org/node/386606

exchange.xforce.ibmcloud.com/vulnerabilities/48980