Description

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Remediation

References

CVE-2009-3479

Related Vulnerabilities

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.10.2)

WordPress Plugin OnePress Social Locker Multiple Cross-Site Scripting Vulnerabilities (4.2.0)

Swagger UI Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5682)

Joomla! Core 3.2.x Cross-Site Scripting (3.2.0 - 3.2.4)

WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)

Severity

Medium

Classification

CVE-2009-3479 CWE-707

Tags

Missing Update Known Vulnerabilities