CVE-2009-1249

Feed element mapper 5.x < 5.x-1.1 - Cross-Site Scripting via Content Title

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34266
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/414702
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34497
Patch x_refsource_confirm
http://drupal.org/node/414644

Scores

EPSS 0.0026
EPSS Percentile 49.0%

Details

CWE
CWE-79
Status published
Products (2)
drupal/feedapi_mapper 5.x-1.0 (8 CPE variants)
drupal/feedapi_mapper 5.x-1.x dev
Published Apr 06, 2009
Tracked Since Feb 18, 2026