PT-2009-3222 · Drupal · Views Bulk Operations

Derek Wright

Published

2009-02-13

Updated

2017-08-17

CVE-2009-0575

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Views Bulk Operations versions 5.x before 5.x-1.3 Views Bulk Operations versions 6.x before 6.x-1.4

Description A cross-site scripting issue exists in the theme views bulk operations confirmation function within the views bulk operations.module, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles.

Recommendations For Views Bulk Operations versions 5.x before 5.x-1.3, update to version 5.x-1.3 or later. For Views Bulk Operations versions 6.x before 6.x-1.4, update to version 6.x-1.4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-0575

Affected Products

Views Bulk Operations

PT-2009-3222 · Drupal · Views Bulk Operations

CVE-2009-0575

Weakness Enumeration

Related Identifiers

Affected Products

References · 6