Cross site scripting

2010-01-0421:30:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.

CPENameOperatorVersion
img_assisteq5.120.10
img_assisteq5.120.11
img_assisteq5.120.12
img_assisteq5.120.13
img_assisteq5.120.14
img_assisteq5.120.15
img_assisteq5.120.16
img_assisteq5.120.17
img_assisteq5.0.0-x1-xdev
img_assisteq5.0.0-x2.0-alpha1

Name	Operator	Version
img_assist	eq	5.120.10
img_assist	eq	5.120.11
img_assist	eq	5.120.12
img_assist	eq	5.120.13
img_assist	eq	5.120.14
img_assist	eq	5.120.15
img_assist	eq	5.120.16
img_assist	eq	5.120.17
img_assist	eq	5.0.0-x1-xdev
img_assist	eq	5.0.0-x2.0-alpha1

Rows per page:

1-10 of 201

References

osvdb.org/55866

secunia.com/advisories/35879

www.securityfocus.com/bid/35710

drupal.org/node/520564

exchange.xforce.ibmcloud.com/vulnerabilities/51786