Cross site scripting

2011-09-1319:59:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.

CPENameOperatorVersion
flag_contenteq5.120.20
flag_contenteq5.120.21
flag_contenteq5.120.22
flag_contenteq5.120.24
flag_contenteq5.120.25
flag_contenteq5.120.26
flag_contenteq5.120.27
flag_contenteq5.120.28
flag_contenteq5.120.29
flag_contenteq5.0.0-x2-xdev

Name	Operator	Version
flag_content	eq	5.120.20
flag_content	eq	5.120.21
flag_content	eq	5.120.22
flag_content	eq	5.120.24
flag_content	eq	5.120.25
flag_content	eq	5.120.26
flag_content	eq	5.120.27
flag_content	eq	5.120.28
flag_content	eq	5.120.29
flag_content	eq	5.0.0-x2-xdev

References

osvdb.org/59119

secunia.com/advisories/37124

www.securityfocus.com/bid/36785

www.vupen.com/english/advisories/2009/2999

drupal.org/node/610868

drupal.org/node/610870

exchange.xforce.ibmcloud.com/vulnerabilities/53900