CVE-2009-3779 - OpenCVE

Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Stefan Auditor	Vcard

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:stefan_auditor:vcard:5.x-1.0:::::::*
	cpe:2.3:a:stefan_auditor:vcard:5.x-1.1:::::::*
	cpe:2.3:a:stefan_auditor:vcard:5.x-1.2:::::::*
	cpe:2.3:a:stefan_auditor:vcard:5.x-1.3:::::::*
	cpe:2.3:a:stefan_auditor:vcard:5.x-1.x-dev:::::::*
	cpe:2.3:a:stefan_auditor:vcard:6.x-1.0:::::::*
	cpe:2.3:a:stefan_auditor:vcard:6.x-1.1:::::::*
	cpe:2.3:a:stefan_auditor:vcard:6.x-1.2:::::::*
	cpe:2.3:a:stefan_auditor:vcard:6.x-1.x-dev:::::::*

No data.

References

Link	Providers
http://drupal.org/node/610416
http://drupal.org/node/610420
http://drupal.org/node/610996
http://secunia.com/advisories/37127
http://www.securityfocus.com/bid/36789
http://www.vupen.com/english/advisories/2009/3002
https://exchange.xforce.ibmcloud.com/vulnerabilities/53903

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-26T17:00:00

Updated: 2024-08-07T06:38:30.260Z

Reserved: 2009-10-26T00:00:00

Link: CVE-2009-3779

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-10-26T17:30:00.377

Modified: 2017-08-17T01:31:16.227

Link: CVE-2009-3779

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2009-3002", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3002"}, {"name": "36789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36789"}, {"name": "vcard-themevcard-xss(53903)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903"}, {"name": "37127", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37127"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/610996"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/610416"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/610420"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-3002", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3002"}, {"name": "36789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36789"}, {"name": "vcard-themevcard-xss(53903)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903"}, {"name": "37127", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37127"}, {"name": "http://drupal.org/node/610996", "refsource": "CONFIRM", "url": "http://drupal.org/node/610996"}, {"name": "http://drupal.org/node/610416", "refsource": "CONFIRM", "url": "http://drupal.org/node/610416"}, {"name": "http://drupal.org/node/610420", "refsource": "CONFIRM", "url": "http://drupal.org/node/610420"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:38:30.260Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-3002", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3002"}, {"name": "36789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36789"}, {"name": "vcard-themevcard-xss(53903)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903"}, {"name": "37127", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37127"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/610996"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/610416"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/610420"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3779", "datePublished": "2009-10-26T17:00:00", "dateReserved": "2009-10-26T00:00:00", "dateUpdated": "2024-08-07T06:38:30.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:stefan_auditor:vcard:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "68E24484-76FB-47A3-BA11-AB184EF0132C", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D46E1985-7447-45AB-A134-873ACC037745", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3DDF905-F7F8-406C-B0C8-AC8C2C7F35B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A49EFFA-FE52-45F6-87B0-20FBDEC2506A", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "E4C7798D-100B-492C-B8E4-45832E9858F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4039EB8-B9E2-4A9F-93AE-2B6C8CF9F54F", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5ED742A-5E9D-4ABD-ADCA-FA19294FA8F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "28DE2004-2E0B-4F5D-9A8D-471105CA1C54", "vulnerable": true}, {"criteria": "cpe:2.3:a:stefan_auditor:vcard:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "EAB8891E-ADE2-4D6A-8EBE-A14044CCAC59", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, relativos a a\u00f1adir la funci\u00f3n theme_vcard."}], "id": "CVE-2009-3779", "lastModified": "2017-08-17T01:31:16.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-10-26T17:30:00.377", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/610416"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/610420"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/610996"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37127"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36789"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3002"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53903"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}