Cross-Site Scripting Vulnerability in Drupal's Views Bulk Operations Module
CVE-2009-0575

Currently unrated

Key Information:

Vendor

Drupal
Status
Views Bulk Operations
Vendor
CVE Published:
13 February 2009

What is CVE-2009-0575?

The Views Bulk Operations module for Drupal is vulnerable to a Cross-Site Scripting (XSS) flaw in the theme_views_bulk_operations_confirmation function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the application through specific vectors related to node titles. Affected versions include 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.4. It is crucial for site administrators using these versions to apply patches to mitigate the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48516
vdb-entryx_refsource_XF
http://drupal.org/node/369223
x_refsource_CONFIRM
http://www.securityfocus.com/bid/33622
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.