All the vulnerabilites related to nancy_wichmann - realname
cve-2009-4524
Vulnerability from cvelistv5
Published
2009-12-31 19:00
Modified
2024-08-07 07:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
References
http://www.securityfocus.com/bid/36699vdb-entry, x_refsource_BID
http://secunia.com/advisories/37058third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2921vdb-entry, x_refsource_VUPEN
http://osvdb.org/58944vdb-entry, x_refsource_OSVDB
http://drupal.org/node/604760x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/53787vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36699",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36699"
          },
          {
            "name": "37058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37058"
          },
          {
            "name": "ADV-2009-2921",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2921"
          },
          {
            "name": "58944",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58944"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604760"
          },
          {
            "name": "realname-user-profile-xss(53787)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36699",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36699"
        },
        {
          "name": "37058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37058"
        },
        {
          "name": "ADV-2009-2921",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2921"
        },
        {
          "name": "58944",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58944"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604760"
        },
        {
          "name": "realname-user-profile-xss(53787)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36699",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36699"
            },
            {
              "name": "37058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37058"
            },
            {
              "name": "ADV-2009-2921",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2921"
            },
            {
              "name": "58944",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58944"
            },
            {
              "name": "http://drupal.org/node/604760",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604760"
            },
            {
              "name": "realname-user-profile-xss(53787)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4524",
    "datePublished": "2009-12-31T19:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T07:08:37.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2298
Vulnerability from cvelistv5
Published
2012-08-14 22:00
Modified
2024-08-06 19:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547660"
          },
          {
            "name": "48936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48936"
          },
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "53250",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53250"
          },
          {
            "name": "realname-unspecified-xss(75181)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547660"
        },
        {
          "name": "48936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48936"
        },
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "53250",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53250"
        },
        {
          "name": "realname-unspecified-xss(75181)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://drupalcode.org/project/realname.git/commitdiff/b920794",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
            },
            {
              "name": "http://drupal.org/node/1547660",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547660"
            },
            {
              "name": "48936",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48936"
            },
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "53250",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53250"
            },
            {
              "name": "realname-unspecified-xss(75181)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
            },
            {
              "name": "http://drupal.org/node/1547352",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547352"
            },
            {
              "name": "http://drupalcode.org/project/realname.git/commitdiff/41786d0",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2298",
    "datePublished": "2012-08-14T22:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2012-08-14 22:55
Modified
2024-11-21 01:38
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
References
secalert@redhat.comhttp://drupal.org/node/1547352Patch
secalert@redhat.comhttp://drupal.org/node/1547660Patch, Vendor Advisory
secalert@redhat.comhttp://drupalcode.org/project/realname.git/commitdiff/41786d0Exploit, Patch
secalert@redhat.comhttp://drupalcode.org/project/realname.git/commitdiff/b920794Exploit, Patch
secalert@redhat.comhttp://secunia.com/advisories/48936Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/05/03/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/05/03/2
secalert@redhat.comhttp://www.securityfocus.com/bid/53250
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75181
af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/1547352Patch
af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/1547660Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://drupalcode.org/project/realname.git/commitdiff/41786d0Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://drupalcode.org/project/realname.git/commitdiff/b920794Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48936Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/05/03/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/05/03/2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53250
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75181



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:realname:6.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2BF18F-9453-4723-908F-1ECCC06BD725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DEFD25-6809-4B45-B540-4FF47840571C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "52848D58-0690-447B-B1EB-9B4F2437EEE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "7366699E-C627-4AD8-96B6-F91EF2EB2788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA88539-4233-4227-BD41-BF9E5473D96F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72D68D7B-E1DB-40FA-8E29-B9F0FE0CE18A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "61446E3D-8E7D-4930-8E87-BF7C43D7E92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "69B7BD43-5B69-42BD-B4D6-1F060C79228D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6119C5-4CC0-4915-91D1-AEC217CE3F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017B7187-67B0-405F-AA0A-2A6644712588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CE378FB-FE94-4481-B8FA-2176856B6401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "5307BD77-7AD2-4507-85CE-377EB140D5A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el m\u00f3dulo realname v6.x-1.x antes de v6.x-1.5 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con (1) los nombres de usuario \"en la p\u00e1gina t\u00edtulos\" y (2) \"las llamadas a autocompletar\".\r\n"
    }
  ],
  "id": "CVE-2012-2298",
  "lastModified": "2024-11-21T01:38:50.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-14T22:55:02.033",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547352"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547660"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48936"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53250"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-31 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DEFD25-6809-4B45-B540-4FF47840571C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA88539-4233-4227-BD41-BF9E5473D96F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72D68D7B-E1DB-40FA-8E29-B9F0FE0CE18A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "61446E3D-8E7D-4930-8E87-BF7C43D7E92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "69B7BD43-5B69-42BD-B4D6-1F060C79228D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nancy_wichmann:realname:6.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6119C5-4CC0-4915-91D1-AEC217CE3F93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo RealName v6.x-1.x anteriores a 6.x-1.3 para Drupal,  permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del elemento realname (tambi\u00e9n conocido como name)."
    }
  ],
  "id": "CVE-2009-4524",
  "lastModified": "2024-11-21T01:09:50.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-31T19:30:00.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604760"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/58944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37058"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36699"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2921"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53787"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}