CVE-2009-5096

Published Sep 13, 2011

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BE939BE-E5A8-4553-BE5C-3C058CD97817"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2F69839-284F-49B8-B705-0C4236D52B51"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBEF1385-3146-4A48-89B6-9E41FE36013D"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2E45BE1-5152-45B5-B99E-0A93E1BFD3FF"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BCAD8B4-4E10-4364-B6B2-48F8A099551E"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4544EF0-6F8D-4D59-A15F-1A2EDC83FDB2"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64DDED72-1471-410D-8F9B-FBECFB7CBBF4"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4010ED9C-2B9F-4DC5-92A4-537C0A2C3E8F"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE6C535C-6F32-4536-B08E-250CD1569CC7"
          },
          {
            "criteria": "cpe:2.3:a:khalid_baheyeldin:flag_content:5.x-2.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5FA2767-862C-4D80-8A5D-4DFB95B4CC9C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References