Lucene search

[email protected]CVE-2009-1575

HistoryMay 06, 2009 - 5:30 p.m.

CVE-2009-1575

2009-05-0617:30:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1575

cross-site scripting

xss

drupal

remote code injection

internet explorer 6

internet explorer 7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

Affected configurations

NVD

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.0beta1

drupaldrupalMatch5.0beta2

drupaldrupalMatch5.0rc1

drupaldrupalMatch5.0rc2

drupaldrupalMatch5.1

drupaldrupalMatch5.1_rev1.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.5.

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch5.12

drupaldrupalMatch5.13

drupaldrupalMatch5.14

drupaldrupalMatch5.15

drupaldrupalMatch5.16

drupaldrupalMatch6

drupaldrupalMatch6beta1

drupaldrupalMatch6.0

drupaldrupalMatch6.0beta1

drupaldrupalMatch6.0beta2

drupaldrupalMatch6.0beta3

drupaldrupalMatch6.0beta4

drupaldrupalMatch6.0rc-1

drupaldrupalMatch6.0rc-2

drupaldrupalMatch6.0rc-3

drupaldrupalMatch6.0rc-4

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

drupaldrupalMatch6.7

drupaldrupalMatch6.8

drupaldrupalMatch6.9

drupaldrupalMatch6.10

CPENameOperatorVersion
drupal:drupaldrupaleq5.0
drupal:drupaldrupaleq5.1
drupal:drupaldrupaleq5.1_rev1.1
drupal:drupaldrupaleq5.2
drupal:drupaldrupaleq5.3
drupal:drupaldrupaleq5.4
drupal:drupaldrupaleq5.5
drupal:drupaldrupaleq5.5.
drupal:drupaldrupaleq5.6
drupal:drupaldrupaleq5.7

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	5.0
drupal:drupal	drupal	eq	5.1
drupal:drupal	drupal	eq	5.1_rev1.1
drupal:drupal	drupal	eq	5.2
drupal:drupal	drupal	eq	5.3
drupal:drupal	drupal	eq	5.4
drupal:drupal	drupal	eq	5.5
drupal:drupal	drupal	eq	5.5.
drupal:drupal	drupal	eq	5.6
drupal:drupal	drupal	eq	5.7