CVE-2009-3915

Drupal Link module <6.x-2.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.

References (7)

Scores

EPSS 0.0040
EPSS Percentile 60.6%

Classification

CWE
CWE-79
Status published

Affected Products (27)

john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
john_c_fiala/link
... and 12 more

Timeline

Published Nov 09, 2009
Tracked Since Feb 18, 2026