CVE-2009-4063

Published Nov 24, 2009

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5EB14B4-6EF7-4836-ADE6-8A03E2637871"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EFCDF07-35A7-4C95-9B26-B514BCD0211A"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC63A1F1-6902-4B36-83EE-8F3007C0A20D"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.0:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9379B62C-4175-4899-AE44-952CE046AE5E"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CC75C07-83C5-4E0A-BB1B-CB3B6E7C72AF"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "367270C1-1923-41ED-8A94-2F332177F173"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D130182-416A-4016-934E-88FFF319B9FD"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F7B8CBD-B789-48F1-AAB0-813311564720"
          },
          {
            "criteria": "cpe:2.3:a:ezra_barnett_gildesgame:og_subgroups:5.x-4.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35671AC0-9E39-4891-AAD6-99252D488F55"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References