Cross-Site Scripting Vulnerability in Drupal's Views Bulk Operations Module
CVE-2009-0575

Currently unrated

Key Information:

Vendor: Drupal
Status: Views Bulk Operations
Vendor: CVE Published:; 13 February 2009

What is CVE-2009-0575?

The Views Bulk Operations module for Drupal is vulnerable to a Cross-Site Scripting (XSS) flaw in the theme_views_bulk_operations_confirmation function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the application through specific vectors related to node titles. Affected versions include 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.4. It is crucial for site administrators using these versions to apply patches to mitigate the risk of exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48516

vdb-entryx_refsource_XF

http://drupal.org/node/369223

x_refsource_CONFIRM

http://www.securityfocus.com/bid/33622

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2009
Vulnerability Reserved
Feb 13, 2009