Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1575

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7 by Internet Explorer 6 and 7.

Related bugs and status

CVE-2009-1575 (Candidate) is related to these bugs:

Bug #352644: generally unsecure drupal5 packages

Summary				In	Importance	Status
	352644	generally unsecure drupal5 packages		drupal5 (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/node...
CONFIRM: http://www.vbdrupal.or...
FEDORA: FEDORA-2009-4175
FEDORA: FEDORA-2009-4203
OSVDB: 54152
SECUNIA: 34948
SECUNIA: 34950
VUPEN: ADV-2009-1216
DEBIAN: DSA-1792
SECUNIA: 34980
XF: drupal-utf7-xss(50250)