CVE-2009-0817
Drupal Protected Node Module < 5.x-1.4/6.x-1.5 - Authenticated XSS via Password Page
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
References (8)
Core 8
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://drupal.org/node/385950
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34060
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48980
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0572
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/52300
Exploit, URL Repurposed x_refsource_misc
http://lampsecurity.org/node/28
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/386606
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/386604
Scores
EPSS
0.0027
EPSS Percentile
50.5%
Details
CWE
CWE-79
Status
published
Products (9)
drupal/protected_node_module
5.x
drupal/protected_node_module
5.x-1.0
drupal/protected_node_module
5.x-1.2
drupal/protected_node_module
5.x-1.3
drupal/protected_node_module
5.x-1.x-dev
drupal/protected_node_module
6.x-1.0
drupal/protected_node_module
6.x-1.2
drupal/protected_node_module
6.x-1.3
drupal/protected_node_module
6.x-1.4
Published
Mar 05, 2009
Tracked Since
Feb 18, 2026