CVE-2009-3157

Karen Stevenson Calendar - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

References (6)

Scores

EPSS 0.0026
EPSS Percentile 49.3%

Classification

CWE
CWE-79
Status published

Affected Products (14)

karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
karen_stevenson/calendar
n/a/n/a

Timeline

Published Sep 10, 2009
Tracked Since Feb 18, 2026