CVE-2009-2373

EUVD-2009-2369
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
5.0
drupaldrupal
5.0:beta1
drupaldrupal
5.0:beta2
drupaldrupal
5.0:rc1
drupaldrupal
5.0:rc2
drupaldrupal
5.1
drupaldrupal
5.1_rev1.1:_rev1.1
drupaldrupal
5.2
drupaldrupal
5.3
drupaldrupal
5.4
drupaldrupal
5.5
drupaldrupal
5.5.
drupaldrupal
5.6
drupaldrupal
5.7
drupaldrupal
5.8
drupaldrupal
5.9
drupaldrupal
5.10
drupaldrupal
5.11
drupaldrupal
5.12
drupaldrupal
5.13
drupaldrupal
5.14
drupaldrupal
5.15
drupaldrupal
5.16
drupaldrupal
6.0
drupaldrupal
6.0:beta1
drupaldrupal
6.0:beta2
drupaldrupal
6.0:beta3
drupaldrupal
6.0:beta4
drupaldrupal
6.0:rc-1
drupaldrupal
6.0:rc-2
drupaldrupal
6.0:rc-3
drupaldrupal
6.0:rc-4
drupaldrupal
6.1
drupaldrupal
6.2
drupaldrupal
6.3
drupaldrupal
6.4
drupaldrupal
6.5
drupaldrupal
6.6
drupaldrupal
6.7
drupaldrupal
6.8
drupaldrupal
6.9
drupaldrupal
6.10
drupaldrupal
6.11
drupaldrupal
6.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
dapper
dne
hardy
dne
intrepid
dne
jaunty
Fixed 6.10-1ubuntu0.1
released
Common Weakness Enumeration
References
http://drupal.org/node/507572
http://osvdb.org/55524
http://secunia.com/advisories/35681
http://drupal.org/node/507572
http://osvdb.org/55524
http://secunia.com/advisories/35681