Description

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Remediation

References

CVE-2009-3479

Related Vulnerabilities

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23821)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7484)

b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935)

WordPress Plugin Coming Soon & Maintenance Mode Page Cross-Site Request Forgery (1.57)

SharePoint Resource Management Errors Vulnerability (CVE-2015-0086)

Severity

Medium

Classification

CVE-2009-3479 CWE-707

Tags

Missing Update Known Vulnerabilities