CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4371

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.1%

CVSS Severity

CVSS v2 Score 3.5

References

http://secunia.com/advisories/37825
http://www.madirish.net/?article=442
https://exchange.xforce.ibmcloud.com/vulnerabilities/54873
http://secunia.com/advisories/37825
http://www.madirish.net/?article=442
https://exchange.xforce.ibmcloud.com/vulnerabilities/54873

Products affected by CVE-2009-4371

Drupal » Drupal » Version: 6.14

cpe:2.3:a:drupal:drupal:6.14
Drupal » Drupal » Version: 6.15

cpe:2.3:a:drupal:drupal:6.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4371

Products

Pricing

Contact Us