Vulnerability Name:

CVE-2009-3479 (CCN-52149)

Assigned: 2009-07-29
Published: 2009-07-29
Updated: 2009-10-01
Summary:Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2009-3479

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/534744

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/534752

Source: CCN
Type: DRUPAL-SA-CONTRIB-2009-048
SA-CONTRIB-2009-048 - Bibliography Module - Cross Site Scripting

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/534842

Source: CCN
Type: SA36083
Drupal Bibliography Module Script Insertion Vulnerability

Source: SECUNIA
Type: Vendor Advisory
36083

Source: CCN
Type: OSVDB ID: 56609
Bibliography Module for Drupal Title Field XSS

Source: BID
Type: Patch
35865

Source: CCN
Type: BID-35865
Drupal Bibliography Module 'title' HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
drupal-bibliography-titles-xss(52149)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:drupal:drupal:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ron_jerome:bibliography:5.x-1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.12:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.14:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.16:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.x-dev:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta6:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta7:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta8:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta9:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.x-dev:*:*:*:*:*:*:*
