PT-2009-5731 · Drupal · Drupal Markdown Preview Module

David Needham

Publicado

2009-09-28

Atualizado

2009-09-30

CVE-2009-3437

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Drupal Markdown Preview module version 6.x

Description A cross-site scripting (XSS) issue exists in the live preview feature of the Markdown Preview module, allowing remote attackers to inject arbitrary web script or HTML via Markdown input.

Recommendations For Drupal Markdown Preview module version 6.x, update the module to a version that fixes this issue. If no specific fix is provided for version 6.x, consider disabling the live preview feature in the Markdown Preview module as a temporary workaround to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2009-3437

Produtos afetados

Drupal Markdown Preview Module

PT-2009-5731 · Drupal · Drupal Markdown Preview Module

CVE-2009-3437

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3