Back to search
CVE-2009-0817
Published: Mar 5, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupal.org/node/385950
x_refsource_CONFIRM
34060
third-party-advisory
x_refsource_SECUNIA
protectednode-passwordpage-xss(48980)
vdb-entry
x_refsource_XF
ADV-2009-0572
vdb-entry
x_refsource_VUPEN
52300
vdb-entry
x_refsource_OSVDB
http://lampsecurity.org/node/28
x_refsource_MISC
http://drupal.org/node/386606
x_refsource_CONFIRM
http://drupal.org/node/386604
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now