Lucene search

MitreCVE-2009-4829

HistoryApr 27, 2010 - 3:30 p.m.

CVE-2009-4829

2010-04-2715:30:01

CWE-79

mitre

web.nvd.nist.gov

cve-2009-4829

xss

drupal

vulnerability

web security

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

45.0%

JSON

Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

james_glasgowautologoutMatch6.x-1.0beta

james_glasgowautologoutMatch6.x-1.1

james_glasgowautologoutMatch6.x-1.4

james_glasgowautologoutMatch6.x-1.6

james_glasgowautologoutMatch6.x-1.xdev

james_glasgowautologoutMatch6.x-2.0

james_glasgowautologoutMatch6.x-2.1

john_vandervortautologoutMatch6.x-1.1beta

john_vandervortautologoutMatch6.x-1.2

john_vandervortautologoutMatch6.x-1.3

john_vandervortautologoutMatch6.x-1.5

john_vandervortautologoutMatch6.x-2.2

john_vandervortautologoutMatch6.x-2.xdev

AND

drupaldrupal

VendorProductVersionCPE
james_glasgowautologout6.x-1.0cpe:2.3:a:james_glasgow:autologout:6.x-1.0:beta:*:*:*:*:*:*
james_glasgowautologout6.x-1.1cpe:2.3:a:james_glasgow:autologout:6.x-1.1:*:*:*:*:*:*:*
james_glasgowautologout6.x-1.4cpe:2.3:a:james_glasgow:autologout:6.x-1.4:*:*:*:*:*:*:*
james_glasgowautologout6.x-1.6cpe:2.3:a:james_glasgow:autologout:6.x-1.6:*:*:*:*:*:*:*
james_glasgowautologout6.x-1.xcpe:2.3:a:james_glasgow:autologout:6.x-1.x:dev:*:*:*:*:*:*
james_glasgowautologout6.x-2.0cpe:2.3:a:james_glasgow:autologout:6.x-2.0:*:*:*:*:*:*:*
james_glasgowautologout6.x-2.1cpe:2.3:a:james_glasgow:autologout:6.x-2.1:*:*:*:*:*:*:*
john_vandervortautologout6.x-1.1cpe:2.3:a:john_vandervort:autologout:6.x-1.1:beta:*:*:*:*:*:*
john_vandervortautologout6.x-1.2cpe:2.3:a:john_vandervort:autologout:6.x-1.2:*:*:*:*:*:*:*
john_vandervortautologout6.x-1.3cpe:2.3:a:john_vandervort:autologout:6.x-1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
james_glasgow	autologout	6.x-1.0	cpe:2.3:a:james_glasgow:autologout:6.x-1.0:beta::::::
james_glasgow	autologout	6.x-1.1	cpe:2.3:a:james_glasgow:autologout:6.x-1.1:::::::*
james_glasgow	autologout	6.x-1.4	cpe:2.3:a:james_glasgow:autologout:6.x-1.4:::::::*
james_glasgow	autologout	6.x-1.6	cpe:2.3:a:james_glasgow:autologout:6.x-1.6:::::::*
james_glasgow	autologout	6.x-1.x	cpe:2.3:a:james_glasgow:autologout:6.x-1.x:dev::::::
james_glasgow	autologout	6.x-2.0	cpe:2.3:a:james_glasgow:autologout:6.x-2.0:::::::*
james_glasgow	autologout	6.x-2.1	cpe:2.3:a:james_glasgow:autologout:6.x-2.1:::::::*
john_vandervort	autologout	6.x-1.1	cpe:2.3:a:john_vandervort:autologout:6.x-1.1:beta::::::
john_vandervort	autologout	6.x-1.2	cpe:2.3:a:john_vandervort:autologout:6.x-1.2:::::::*
john_vandervort	autologout	6.x-1.3	cpe:2.3:a:john_vandervort:autologout:6.x-1.3:::::::*

Rows per page:

1-10 of 141

References

drupal.org/node/667084

drupal.org/node/667086

drupal.org/node/667094

osvdb.org/61295

secunia.com/advisories/37878

www.securityfocus.com/bid/37462

www.vupen.com/english/advisories/2009/3633

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

45.0%

JSON

Related for CVE-2009-4829