CVE-2009-3157

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo "Calendar" (calendario) en versiones v6.x anteriores a la v6.x-2.2 para Drupal permite a atacantes remotos autenticados, con privilegios "create new content types" (crear nuevos tipos de contenido), inyectar codigo de script web o código HTML a través de el título de un tipo de contenido.

*Credits: N/A

CVSS Scores

NISTv2 3.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-09-10 CVE Reserved
2009-09-10 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (6)

URL	Tag	Source
http://lampsecurity.org/drupal-date-xss-vulnerability	Url Repurposed
http://www.osvdb.org/56611	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://drupal.org/node/534336	2024-02-14
http://drupal.org/node/534652	2024-02-14
http://www.securityfocus.com/bid/35790	2024-02-14

URL	Date	SRC
http://secunia.com/advisories/36012	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	beta	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	beta2	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	beta3	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	beta4	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc1	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc2	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc3	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc4	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc5	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.0 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.0"	rc6	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.1 Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.1"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Karen Stevenson Search vendor "Karen Stevenson"	Calendar Search vendor "Karen Stevenson" for product "Calendar"	6.x-2.x-dev Search vendor "Karen Stevenson" for product "Calendar" and version "6.x-2.x-dev"	-	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe