CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1035

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile18.75th
Published2009年3月20日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

Affected Platforms (CPE)

📦
Jake Gordon

Tasks

= 5.x-1.0
📦
Jake Gordon

Tasks

= 5.x-1.2
📦
Jake Gordon

Tasks

= 5.x-2.x-dev

References & Advisories

🔗 http://drupal.org/node/406316
🔗 http://osvdb.org/52782
🔗 http://secunia.com/advisories/34376
🔗 http://www.securityfocus.com/bid/34170
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/49319
🔗 http://drupal.org/node/406316
🔗 http://osvdb.org/52782
🔗 http://secunia.com/advisories/34376

関連する脆弱性情報

CVE-2004-021210.0

Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local...

CVE-2002-114510.0

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1...

CVE-2020-628710.0

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which...

CVE-2007-026110.0

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform u...