CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1575

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile32.41th
PublishedMay 6, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

Affected Platforms (CPE)

πŸ“¦
Drupal

Drupal

= 5.0
πŸ“¦
Drupal

Drupal

= 5.0
πŸ“¦
Drupal

Drupal

= 5.0
πŸ“¦
Drupal

Drupal

= 5.0
πŸ“¦
Drupal

Drupal

= 5.0
πŸ“¦
Drupal

Drupal

= 5.1
πŸ“¦
Drupal

Drupal

= 5.1_rev1.1
πŸ“¦
Drupal

Drupal

= 5.2
πŸ“¦
Drupal

Drupal

= 5.3
πŸ“¦
Drupal

Drupal

= 5.4
πŸ“¦
Drupal

Drupal

= 5.5
πŸ“¦
Drupal

Drupal

= 5.5.
πŸ“¦
Drupal

Drupal

= 5.6
πŸ“¦
Drupal

Drupal

= 5.7
πŸ“¦
Drupal

Drupal

= 5.8
πŸ“¦
Drupal

Drupal

= 5.9
πŸ“¦
Drupal

Drupal

= 5.10
πŸ“¦
Drupal

Drupal

= 5.11
πŸ“¦
Drupal

Drupal

= 5.12
πŸ“¦
Drupal

Drupal

= 5.13
πŸ“¦
Drupal

Drupal

= 5.14
πŸ“¦
Drupal

Drupal

= 5.15
πŸ“¦
Drupal

Drupal

= 5.16
πŸ“¦
Drupal

Drupal

= 6
πŸ“¦
Drupal

Drupal

= 6
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.0
πŸ“¦
Drupal

Drupal

= 6.1
πŸ“¦
Drupal

Drupal

= 6.2
πŸ“¦
Drupal

Drupal

= 6.3
πŸ“¦
Drupal

Drupal

= 6.4
πŸ“¦
Drupal

Drupal

= 6.5
πŸ“¦
Drupal

Drupal

= 6.6
πŸ“¦
Drupal

Drupal

= 6.7
πŸ“¦
Drupal

Drupal

= 6.8
πŸ“¦
Drupal

Drupal

= 6.9
πŸ“¦
Drupal

Drupal

= 6.10

References & Advisories

πŸ”— http://drupal.org/node/449078
πŸ”— http://secunia.com/advisories/34948
πŸ”— http://secunia.com/advisories/34950
πŸ”— http://secunia.com/advisories/34980
πŸ”— http://www.debian.org/security/2009/dsa-1792
πŸ”— http://www.osvdb.org/54152
πŸ”— http://www.vbdrupal.org/forum/showthread.php?p=9953#post9953
πŸ”— http://www.vupen.com/english/advisories/2009/1216

Related Vulnerabilities

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...