CVE-2009-1575

medium

Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

References

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/50250

http://www.vupen.com/english/advisories/2009/1216

http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953

http://www.osvdb.org/54152

http://www.debian.org/security/2009/dsa-1792

http://secunia.com/advisories/34980

http://secunia.com/advisories/34950

http://secunia.com/advisories/34948

http://drupal.org/node/449078

Details

Source: Mitre, NVD

Published: 2009-05-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium