Description

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Remediation

References

CVE-2009-3479

Related Vulnerabilities

Plone CMS CVE-2011-3587 Vulnerability (CVE-2011-3587)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3742)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18100)

MySQL CVE-2019-2693 Vulnerability (CVE-2019-2693)

WordPress Plugin WP Inventory Manager Cross-Site Scripting (1.7.8)

Severity

Medium

Classification

CVE-2009-3479 CWE-707

Tags

Missing Update Known Vulnerabilities