CVE-2009-4829

Published Apr 27, 2010

Last updated 15 years ago

CVSS info 2.1

Overview

Description: Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6F68682-67B5-42F0-BF60-A5A1B43A3702"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8D1DDB6-6234-4AD9-9349-76353D2FF57A"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94E0F735-DBA1-4E43-9127-3A4134A9935A"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C537650-EAA6-4C5E-A05C-C51D72384CED"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72033073-E9E9-4E22-9F5A-05E8C02B8CD6"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E78EF0F1-7B90-4A5F-93B0-724C37F6C618"
          },
          {
            "criteria": "cpe:2.3:a:james_glasgow:autologout:6.x-2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "219023F5-7C3D-4FA5-A45F-5F46620E1857"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-1.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C8AD83F-B705-464E-8AA1-4C718B492572"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CCD4B0A-E336-4216-9E63-E7AB0BFAA780"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57AA5C63-72F9-4A06-A577-42B864D563C0"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0431926C-564D-4D3F-8E72-F1F8668342E9"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4903FCB-4B5B-4C42-B1F4-585C8CBF6E76"
          },
          {
            "criteria": "cpe:2.3:a:john_vandervort:autologout:6.x-2.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C76E4310-8443-4963-A612-3A2085ECD375"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References