CVE-2009-2078

Published Jun 16, 2009

Last updated 16 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFA9D8E8-E20C-4131-90CA-EC49A8FA2FE1"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1482E7E5-2D58-4238-9686-26236C5FFA35"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F4FBF6D-56C5-4FD7-9FC6-E7120FB788CC"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4D4AB34-F67D-46E7-B6DB-7CB03C413EAB"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B726C19F-9653-423A-A411-591AEDC3B440"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E0FEEB8-6DA5-47DC-AF67-D68B2B96A655"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09DDD2AD-F8C8-4534-B084-FB764C3C8E91"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DF6F4FC-5376-4849-9C59-23C5DCF8D9F4"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:5.x-7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F34584E7-A0F8-4C52-B3F0-B87C27B2D516"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7664EE52-AE96-44E1-89B2-9F54C9E4FA54"
          },
          {
            "criteria": "cpe:2.3:a:heine.familiedeelstra:booktree:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11791885-AF1E-4D31-B300-B2653B51F7D2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References