Description

Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.

Remediation

References

CVE-2009-1047

Related Vulnerabilities

Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2064)

WordPress Plugin Ultimate Reviews PHP Object Injection (2.0.18)

WordPress Plugin Avenir-soft Direct Download Multiple Vulnerabilities (1.0)

WordPress Plugin Events Made Easy SQL Injection (2.2.35)

Severity

Medium

Classification

CVE-2009-1047 CWE-707

Tags

Missing Update Known Vulnerabilities