Cross-Site Scripting Vulnerability in Drupal Link Module by Drupal
CVE-2009-0603

Currently unrated

Key Information:

Vendor: Drupal
Status: Link Module
Vendor: CVE Published:; 16 February 2009

What is CVE-2009-0603?

The Link module for Drupal contains a cross-site scripting vulnerability in the index.php file that allows remote authenticated users with 'administer content types' permissions to inject malicious scripts or HTML through the description field, known as the Help field. This can lead to unauthorized actions and exposure of sensitive information through malicious web content.

References

http://osvdb.org/51780

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/33835

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/33642

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2009
Vulnerability Reserved
Feb 16, 2009

CVE-2009-0603 Data

JSON