CVE-2009-1249

Published Apr 6, 2009

Last updated 16 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9D7AF9A-4FEE-493E-9DEA-A4C9F00755F2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F2B1FF7-6DC9-486D-B798-2637943B6175"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDC54361-B0BE-4F18-9BB0-954896960B05"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6488C64C-60D0-45FA-A7D5-3ADF3CC61BA9"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A57654-5776-4400-AF95-8DE74A727426"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F4D02C8-842F-40DC-ABF4-AD6BDD4519B0"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8402B0F-688A-4F7D-B9AF-74D19AFAACD9"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80BD5743-720B-4BDC-BF86-C275D2635C22"
          },
          {
            "criteria": "cpe:2.3:a:drupal:feedapi_mapper:5.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE8BD67A-FB6D-4DAE-A5FF-0A584176C815"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References