Back to search
CVE-2009-4513
Published: Dec 31, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
workflow-names-states-xss(54028)
vdb-entry
x_refsource_XF
36878
vdb-entry
x_refsource_BID
http://drupal.org/node/612834
x_refsource_CONFIRM
http://drupal.org/node/612832
x_refsource_CONFIRM
http://drupal.org/node/617456
x_refsource_CONFIRM
ADV-2009-3089
vdb-entry
x_refsource_VUPEN
37203
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now