Cross site scripting

2009-06-1619:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.

CPENameOperatorVersion
booktreeeq5.120.11
booktreeeq5.120.12
booktreeeq5.120.13
booktreeeq5.120.14
booktreeeq5.120.19
booktreeeq5.x-1.x dev
booktreeeq5.120.70
booktreeeq5.120.71
booktreeeq5.120.72
booktreeeq6.120.10

Name	Operator	Version
booktree	eq	5.120.11
booktree	eq	5.120.12
booktree	eq	5.120.13
booktree	eq	5.120.14
booktree	eq	5.120.19
booktree	eq	5.x-1.x dev
booktree	eq	5.120.70
booktree	eq	5.120.71
booktree	eq	5.120.72
booktree	eq	6.120.10

Rows per page:

1-10 of 111

References

secunia.com/advisories/35421

www.securityfocus.com/bid/35287

drupal.org/node/487810

drupal.org/node/487812

drupal.org/node/487828