Description

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Remediation

References

CVE-2009-3479

Related Vulnerabilities

WordPress Plugin WordPress Simple Ecommerce Shopping Cart-Sell products through Paypal Arbitrary File Upload (2.2.5)

WordPress Plugin TheCartPress eCommerce Shopping Cart 'tcp_class_path' Parameter Remote File Include (1.1.1)

WordPress 4.6.x PHP Object Injection (4.6 - 4.6.20)

WordPress Other Vulnerability (CVE-2007-3543)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7053)

Severity

Medium

Classification

CVE-2009-3479 CWE-707

Tags

Missing Update Known Vulnerabilities