PT-2009-3244 · Drupal · Drupal Linkit Module+1

Published: 2009-02-16 · Updated: 2017-08-17 · CVE-2009-0603

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Drupal Link module version 5.x-2.5 for Drupal 5.10

Description

A cross-site scripting (XSS) issue exists, allowing remote authenticated users with 'administer content types' privileges to inject arbitrary web script or HTML via the description parameter, also known as the Help field.

Recommendations

For Drupal Link module version 5.x-2.5, avoid using the description parameter in the index.php file until a fix is available. As a temporary workaround, consider restricting access to the Link module for users with 'administer content types' privileges to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2009-0603

Affected Products

Drupal
Drupal Linkit Module