CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1035

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile18.75th
PublishedMar 20, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

Affected Platforms (CPE)

πŸ“¦
Jake Gordon

Tasks

= 5.x-1.0
πŸ“¦
Jake Gordon

Tasks

= 5.x-1.2
πŸ“¦
Jake Gordon

Tasks

= 5.x-2.x-dev

References & Advisories

πŸ”— http://drupal.org/node/406316
πŸ”— http://osvdb.org/52782
πŸ”— http://secunia.com/advisories/34376
πŸ”— http://www.securityfocus.com/bid/34170
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/49319
πŸ”— http://drupal.org/node/406316
πŸ”— http://osvdb.org/52782
πŸ”— http://secunia.com/advisories/34376

Related Vulnerabilities

CVE-2004-021210.0

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local...

CVE-2002-114510.0

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1...

CVE-2020-628710.0

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which...

CVE-2007-026110.0

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform u...