Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1738

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2009-1738
Last Modified 14 Sep 2012 12:00:00
Published 20 May 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-1738

Summary

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

Vulnerable Systems

Application

  • Ivanjaros Feed Block 6.x-1.0

  • Ivanjaros Feed Block 6.x-1.x


References

CONFIRM - http://drupal.org/node/461706

CONFIRM - http://drupal.org/node/453098

XF - feedblock-unspecified-xss(50521)

VUPEN - ADV-2009-1319

BID - 34953

OSVDB - 54429

SECUNIA - 35044


Last Updated: 27 May 2016 10:49:41