NVD

Id
51492  
Name
CVE-2009-4369  
Description
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-12-21  
Modified Date
2012-01-05  
Seq
2009-4369  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
261190 51492 CVE-2009-4369 http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-6.14.patch  View
261191 51492 CVE-2009-4369 http://drupal.org/node/661586  View
261192 51492 CVE-2009-4369 http://www.madirish.net/?article=441  View
261193 51492 CVE-2009-4369 37372  View
261194 51492 CVE-2009-4369 drupal-contact-xss(54867)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41469 JVNDB-2009-002476 Drupal の Contact モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal の Contact モジュールには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2009-4369 41800 CVE-2009-4369 51492 3.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002476.html 2009-12-16 2010-02-02 View