Cross-Site Scripting Vulnerability in Drupal Views Module
CVE-2009-2076

Currently unrated

Key Information:

Vendor

Drupal
Status
Views
Vendor
CVE Published:
16 June 2009

What is CVE-2009-2076?

A cross-site scripting (XSS) vulnerability exists in the Views module for Drupal, affecting versions prior to 6.x-2.6. This vulnerability allows remote authenticated users to inject arbitrary web scripts or HTML into the application through exposed filters in the Views UI administrative interface and the view name parameter within the define custom views feature. The second vector of exploitation can only be executed by users with administrator-level permissions for the Views feature.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lampsecurity.org/drupal-views-xss-vulnerability
x_refsource_MISC
http://drupal.org/node/488082
x_refsource_CONFIRM
http://www.securityfocus.com/bid/35304
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.