Vulnerability Name:

CVE-2009-3915 (CCN-54142)

Assigned:2009-11-04
Published:2009-11-04
Updated:2017-08-17
Summary:Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-3915

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/620662

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/620668

Source: CCN
Type: SA-CONTRIB-2009-096
Link - Cross Site Scripting

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/623562

Source: OSVDB
Type: UNKNOWN
59672

Source: CCN
Type: SA37289
Drupal Link Module Script Insertion Vulnerability

Source: SECUNIA
Type: Vendor Advisory
37289

Source: CCN
Type: OSVDB ID: 59672
Link Module for Drupal Link Title Parameter XSS

Source: BID
Type: Patch
36928

Source: CCN
Type: BID-36928
Drupal Link Module 'Link Title' HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
link-title-xss(54142)

Source: XF
Type: UNKNOWN
link-title-xss(54142)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:drupal:drupal:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:john_c_fiala:link:5.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-1.4:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-1.5:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-1.x-dev:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.0:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.1:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.2:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.3:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.4:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:5.x-2.5:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-1.x-dev:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.1:beta1:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.1:beta2:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.1:beta3:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.1:beta4:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.2:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.3:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.5:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.6:*:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.6:beta1:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.6:beta2:*:*:*:*:*:*
  • OR cpe:/a:john_c_fiala:link:6.x-2.6:beta3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:drupal:link_module:5.x-2.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    drupal drupal *
    john_c_fiala link 5.x-1.1
    john_c_fiala link 5.x-1.2
    john_c_fiala link 5.x-1.3
    john_c_fiala link 5.x-1.4
    john_c_fiala link 5.x-1.5
    john_c_fiala link 5.x-1.x-dev
    john_c_fiala link 5.x-2.0
    john_c_fiala link 5.x-2.1
    john_c_fiala link 5.x-2.2
    john_c_fiala link 5.x-2.3
    john_c_fiala link 5.x-2.3.1
    john_c_fiala link 5.x-2.4
    john_c_fiala link 5.x-2.5
    john_c_fiala link 6.x-1.x-dev
    john_c_fiala link 6.x-2.1 beta1
    john_c_fiala link 6.x-2.1 beta2
    john_c_fiala link 6.x-2.1 beta3
    john_c_fiala link 6.x-2.1 beta4
    john_c_fiala link 6.x-2.2
    john_c_fiala link 6.x-2.3
    john_c_fiala link 6.x-2.3.1
    john_c_fiala link 6.x-2.5
    john_c_fiala link 6.x-2.6
    john_c_fiala link 6.x-2.6 beta1
    john_c_fiala link 6.x-2.6 beta2
    john_c_fiala link 6.x-2.6 beta3
    drupal link module 5.x-2.5