CVE-2009-4119

Low

Low Medium High Critical

CVSS Score

Published: Dec 01, 2009

Last Modified: Apr 09, 2025

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Known Affected Software

23 configuration(s) from 1 vendor(s)

feed_element_mapper

Version:

5.x-1.0-beta2

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta2:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta5

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta5:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta12

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta12:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta1

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta1:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta5

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta5:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.x-dev

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.x-dev:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta4

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta4:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta9

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta9:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta2

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta2:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta11

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta11:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.1

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.1:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta6

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta6:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.x-dev

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.x-dev:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta1

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta1:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta3

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta3:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta7

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta7:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta7

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta7:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta4

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta4:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-alpha1

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-alpha1:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta6

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta6:*:*:*:*:*:*:*

feed_element_mapper

Version:

6.x-1.0-beta10

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:6.x-1.0-beta10:*:*:*:*:*:*:*

feed_element_mapper

Version:

5.x-1.0-beta3

CPE:

cpe:2.3:a:alex_barth:feed_element_mapper:5.x-1.0-beta3:*:*:*:*:*:*:*

This vulnerability affects 23 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base