Lucene search

MitreCVE-2009-3917

HistoryNov 09, 2009 - 5:30 p.m.

CVE-2009-3917

2009-11-0917:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-3917

cross-site scripting

xss

s5 presentation player

drupal

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.

Affected configurations

Nvd

Node

drupaldrupal

AND

greg_knaddisons5Match6.x-1.0

greg_knaddisons5Match6.x-1.x-dev

VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
greg_knaddisons56.x-1.0cpe:2.3:a:greg_knaddison:s5:6.x-1.0:*:*:*:*:*:*:*
greg_knaddisons56.x-1.x-devcpe:2.3:a:greg_knaddison:s5:6.x-1.x-dev:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::
greg_knaddison	s5	6.x-1.0	cpe:2.3:a:greg_knaddison:s5:6.x-1.0:::::::*
greg_knaddison	s5	6.x-1.x-dev	cpe:2.3:a:greg_knaddison:s5:6.x-1.x-dev:::::::*

References

drupal.org/node/623508

osvdb.org/59678

secunia.com/advisories/37285

www.securityfocus.com/bid/36923

exchange.xforce.ibmcloud.com/vulnerabilities/54147

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2009-3917