[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3156Date: (C)2009-09-10   (M)2024-02-22


Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-35790
SECUNIA-36006
OSVDB-56608
ADV-2009-2103
FEDORA-2009-8162
FEDORA-2009-8184
drupal-date-datetools-xss(52143)
http://drupal.org/node/534332
http://drupal.org/node/534636
http://lampsecurity.org/drupal-date-xss-vulnerability

CWE    1
CWE-79

© SecPod Technologies