CVE-2009-0817
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-0817
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Drupal Protected Node模块脚本注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Drupal的Protected Node模块可通过口令限制对节点的访问。 protected_node.module模块的protected_node_enterpassword()函数没有正确地过滤用户提供输入,272到274行使用以下语句显示出用户提供的文本: $form['protected_node'] = array( '#value' => $info ); 由于没有使用check_plain()或类似的函数过滤$info变量,当q设置为admin/settings/protected_no
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2009-0817
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-0817
请登录查看更多情报信息。
- http://lampsecurity.org/node/28x_refsource_MISC
- http://drupal.org/node/386604x_refsource_CONFIRM
- http://drupal.org/node/385950x_refsource_CONFIRM
- http://drupal.org/node/386606x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2009-0817
Same Patch Batch · n/a · 2009-03-05 · 32 CVEs total
| CVE-2009-0619 | Cisco SBC拒绝服务漏洞 | |
| CVE-2009-0821 | Mozilla Firefox Nested 'window.print()' 拒绝服务漏洞 | |
| CVE-2009-0820 | Php.Brickhost phpScheduleIt 'check.php'远程代码执行漏洞 | |
| CVE-2009-0819 | Oracle MySQL 安全漏洞 | |
| CVE-2009-0818 | Drupal Taxonomy Theme模块name参数HTML注入漏洞 | |
| CVE-2009-0816 | TYPO3后台用户界面跨站脚本攻击漏洞 | |
| CVE-2009-0815 | TYPO3 class.tslib_fe.php jumpUrl机制信息泄露漏洞 | |
| CVE-2009-0814 | Blogsa 'Widgets.aspx' 跨站脚本攻击漏洞 | |
| CVE-2009-0813 | Imera ImeraIEPlugin ActiveX控件任意文件下载漏洞 | |
| CVE-2009-0777 | Mozilla Firefox/Thunderbird/SeaMonkey地址欺骗漏洞 | |
| CVE-2009-0776 | Mozilla Firefox/Thunderbird/SeaMonkey 'nsIRDFService'安全绕过和信息泄露漏洞 | |
| CVE-2009-0775 | Mozilla Firefox安全漏洞 | |
| CVE-2009-0774 | Mozilla多个产品'布局引擎' 拒绝服务攻击和代码执行漏洞 | |
| CVE-2009-0773 | Mozilla多个产品 'JavaScript引擎' 拒绝服务和任意代码执行漏洞 | |
| CVE-2009-0772 | Mozilla多个产品布局引擎拒绝服务和任意代码执行漏洞 | |
| CVE-2009-0771 | Mozilla Firefox 资源管理错误漏洞 | |
| CVE-2008-6399 | DotNetNuke 权限许可和访问控制漏洞 | |
| CVE-2009-0578 | Ubuntu GNOME NetworkManager 'dbus' 错误权限限制漏洞 | |
| CVE-2009-0367 | Wesnoth Battle for Wesnoth PythonAI模块绕过安全限制漏洞 | |
| CVE-2009-0365 | Ubuntu GNOME NetworkManager 'nm-applet.conf' 错误权限限制漏洞 |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2009-0817
No comments yet