| Vulnerability Name: | CVE-2009-2076 (CCN-51056) |
| Assigned: | 2009-06-10 |
| Published: | 2009-06-10 |
| Updated: | 2009-06-29 |
| Summary: | Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and (2) the view name parameter in the define custom views feature. Note: vector 2 is only exploitable by users with administer views permissions. |
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N); 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C); 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2009-2076; Source: CCN Type: DRUPAL-SA-CONTRIB-2009-037 SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities; Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/488068; Source: CONFIRM Type: Patch http://drupal.org/node/488082; Source: CCN Type: LAMP Security Web site Drupal 6 Views Module XSS Vulnerability; Source: MISC Type: Exploit http://lampsecurity.org/drupal-views-xss-vulnerability; Source: CCN Type: SA35425 Drupal Views Module Multiple Vulnerabilities; Source: SECUNIA Type: Vendor Advisory 35425; Source: BID Type: UNKNOWN 35304; Source: CCN Type: BID-35304 Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities; Source: XF Type: UNKNOWN views-views-xss(51056) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |
| Vulnerability Name: | CVE-2009-2076 (CCN-51057) |
| Assigned: | 2009-06-10 |
| Published: | 2009-06-10 |
| Updated: | 2009-06-29 |
| Summary: | Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and (2) the view name parameter in the define custom views feature. Note: vector 2 is only exploitable by users with administer views permissions. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N); 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2009-2076; Source: CCN Type: DRUPAL-SA-CONTRIB-2009-037 SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities; Source: CCN Type: LAMP Security Web site Drupal 6 Views Module XSS Vulnerability; Source: CCN Type: SA35425 Drupal Views Module Multiple Vulnerabilities; Source: CCN Type: BID-35304 Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities; Source: XF Type: UNKNOWN views-filter-xss(51057) |