Search criteria
7 vulnerabilities by nathan_haug
CVE-2013-4502 (GCVE-0-2013-4502)
Vulnerability from cvelistv5 – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2124241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2124219"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2124217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2124241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2124219"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2124217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2124241",
"refsource": "MISC",
"url": "https://drupal.org/node/2124241"
},
{
"name": "https://drupal.org/node/2124219",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2124219"
},
{
"name": "[oss-security] 20131103 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/210"
},
{
"name": "https://drupal.org/node/2124217",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2124217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4502",
"datePublished": "2014-05-13T15:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2129 (GCVE-0-2013-2129)
Vulnerability from cvelistv5 – Published: 2013-06-24 16:13 – Updated: 2024-08-06 15:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2007460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2007390"
},
{
"name": "93749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93749"
},
{
"name": "drupal-webform-cve20132129-label-xss(84628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
},
{
"name": "53184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2007460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2007390"
},
{
"name": "93749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93749"
},
{
"name": "drupal-webform-cve20132129-label-xss(84628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
},
{
"name": "53184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60218"
},
{
"name": "https://drupal.org/node/2007460",
"refsource": "MISC",
"url": "https://drupal.org/node/2007460"
},
{
"name": "https://drupal.org/node/2007390",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2007390"
},
{
"name": "93749",
"refsource": "OSVDB",
"url": "http://osvdb.org/93749"
},
{
"name": "drupal-webform-cve20132129-label-xss(84628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
},
{
"name": "53184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2129",
"datePublished": "2013-06-24T16:13:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5538 (GCVE-0-2012-5538)
Vulnerability from cvelistv5 – Published: 2012-12-03 21:00 – Updated: 2024-09-16 17:37
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1789300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1789306"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1789302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has \"Reference existing\" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-03T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1789300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1789306"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1789302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has \"Reference existing\" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1789300",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1789300"
},
{
"name": "http://drupal.org/node/1789306",
"refsource": "MISC",
"url": "http://drupal.org/node/1789306"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name": "http://drupal.org/node/1789302",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1789302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5538",
"datePublished": "2012-12-03T21:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:37:40.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1660 (GCVE-0-2012-1660)
Vulnerability from cvelistv5 – Published: 2012-09-18 20:00 – Updated: 2024-08-06 19:01
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1472180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1472178"
},
{
"name": "52345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52345"
},
{
"name": "48310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48310"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/webform.git/commit/917fa91"
},
{
"name": "79852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79852"
},
{
"name": "drupal-webform-unspecified-xss-var2(73779)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/webform.git/commit/90af819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1472214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1472180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1472178"
},
{
"name": "52345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52345"
},
{
"name": "48310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48310"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/webform.git/commit/917fa91"
},
{
"name": "79852",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79852"
},
{
"name": "drupal-webform-unspecified-xss-var2(73779)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/webform.git/commit/90af819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1472214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1472180",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1472180"
},
{
"name": "http://drupal.org/node/1472178",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1472178"
},
{
"name": "52345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52345"
},
{
"name": "48310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48310"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupalcode.org/project/webform.git/commit/917fa91",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/webform.git/commit/917fa91"
},
{
"name": "79852",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79852"
},
{
"name": "drupal-webform-unspecified-xss-var2(73779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
},
{
"name": "http://drupalcode.org/project/webform.git/commit/90af819",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/webform.git/commit/90af819"
},
{
"name": "http://drupal.org/node/1472214",
"refsource": "MISC",
"url": "http://drupal.org/node/1472214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1660",
"datePublished": "2012-09-18T20:00:00",
"dateReserved": "2012-03-12T00:00:00",
"dateUpdated": "2024-08-06T19:01:02.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4533 (GCVE-0-2009-4533)
Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI?
Summary
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37021"
},
{
"name": "ADV-2009-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"name": "http://drupal.org/node/604920",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604920"
},
{
"name": "http://drupal.org/node/604942",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604942"
},
{
"name": "http://drupal.org/node/604922",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604922"
},
{
"name": "58946",
"refsource": "OSVDB",
"url": "http://osvdb.org/58946"
},
{
"name": "drupal-webform-cache-info-disclosure(53797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4533",
"datePublished": "2009-12-31T19:00:00",
"dateReserved": "2009-12-31T00:00:00",
"dateUpdated": "2024-08-07T07:08:37.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4532 (GCVE-0-2009-4532)
Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "58945",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58945"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"name": "drupal-webform-labels-xss(53796)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/604942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37021"
},
{
"name": "58945",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58945"
},
{
"name": "ADV-2009-2923",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"name": "drupal-webform-labels-xss(53796)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/604942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36708"
},
{
"name": "37021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37021"
},
{
"name": "58945",
"refsource": "OSVDB",
"url": "http://osvdb.org/58945"
},
{
"name": "ADV-2009-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2923"
},
{
"name": "drupal-webform-labels-xss(53796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
},
{
"name": "http://drupal.org/node/604942",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4532",
"datePublished": "2009-12-31T19:00:00",
"dateReserved": "2009-12-31T00:00:00",
"dateUpdated": "2024-08-07T07:08:37.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4207 (GCVE-0-2009-4207)
Vulnerability from cvelistv5 – Published: 2009-12-04 19:00 – Updated: 2024-09-16 19:21
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35197",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/481268"
},
{
"name": "35339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/481258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/481260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-04T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35197",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/481268"
},
{
"name": "35339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/481258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/481260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35197"
},
{
"name": "http://drupal.org/node/481268",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481268"
},
{
"name": "35339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35339"
},
{
"name": "http://drupal.org/node/481258",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481258"
},
{
"name": "http://drupal.org/node/481260",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4207",
"datePublished": "2009-12-04T19:00:00Z",
"dateReserved": "2009-12-04T00:00:00Z",
"dateUpdated": "2024-09-16T19:21:01.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}