What is the severity of CVE-2009-3156?

CVE-2009-3156 is considered a medium severity vulnerability due to its potential to allow cross-site scripting (XSS) attacks.

How do I fix CVE-2009-3156?

To fix CVE-2009-3156, upgrade the Date module to version 6.x-2.3 or later.

Who is affected by CVE-2009-3156?

CVE-2009-3156 affects Drupal users with 'use date tools' or 'administer content types' privileges.

What type of vulnerability is CVE-2009-3156?

CVE-2009-3156 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary web script or HTML.

Which Drupal versions are vulnerable to CVE-2009-3156?

Drupal versions using the Date module prior to 6.x-2.3 are vulnerable to CVE-2009-3156.

Vulnerability/
CVE-2009-3156

low

2.1

CWE

10/9/2009

7/8/2024

CVE-2009-3156: XSS

First published: Thu Sep 10 2009(Updated: )

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Drupal Drupal
Karen Stevenson Date	=6.x-1.0-beta
Karen Stevenson Date	=6.x-1.x-dev
Karen Stevenson Date	=6.x-2.0
Karen Stevenson Date	=6.x-2.0-rc1
Karen Stevenson Date	=6.x-2.0-rc2
Karen Stevenson Date	=6.x-2.0-rc3
Karen Stevenson Date	=6.x-2.0-rc4
Karen Stevenson Date	=6.x-2.0-rc5
Karen Stevenson Date	=6.x-2.0-rc6
Karen Stevenson Date	=6.x-2.0-beta
Karen Stevenson Date	=6.x-2.0-beta2
Karen Stevenson Date	=6.x-2.0-beta3
Karen Stevenson Date	=6.x-2.0-beta4
Karen Stevenson Date	=6.x-2.1
Karen Stevenson Date	=6.x-2.2
All of
Drupal Drupal
Any of
Karen Stevenson Date	=6.x-1.0-beta
Karen Stevenson Date	=6.x-1.x-dev
Karen Stevenson Date	=6.x-2.0
Karen Stevenson Date	=6.x-2.0-rc1
Karen Stevenson Date	=6.x-2.0-rc2
Karen Stevenson Date	=6.x-2.0-rc3
Karen Stevenson Date	=6.x-2.0-rc4
Karen Stevenson Date	=6.x-2.0-rc5
Karen Stevenson Date	=6.x-2.0-rc6
Karen Stevenson Date	=6.x-2.0-beta
Karen Stevenson Date	=6.x-2.0-beta2
Karen Stevenson Date	=6.x-2.0-beta3
Karen Stevenson Date	=6.x-2.0-beta4
Karen Stevenson Date	=6.x-2.1
Karen Stevenson Date	=6.x-2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3156?
CVE-2009-3156 is considered a medium severity vulnerability due to its potential to allow cross-site scripting (XSS) attacks.
How do I fix CVE-2009-3156?
To fix CVE-2009-3156, upgrade the Date module to version 6.x-2.3 or later.
Who is affected by CVE-2009-3156?
CVE-2009-3156 affects Drupal users with 'use date tools' or 'administer content types' privileges.
What type of vulnerability is CVE-2009-3156?
CVE-2009-3156 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary web script or HTML.
Which Drupal versions are vulnerable to CVE-2009-3156?
Drupal versions using the Date module prior to 6.x-2.3 are vulnerable to CVE-2009-3156.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/remedy
agent/severity
agent/weakness
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/source
vendor/drupal
canonical/drupal drupal
vendor/karen stevenson
canonical/karen stevenson date
version/karen stevenson date/6.x-1.0-beta
version/karen stevenson date/6.x-1.x-dev
version/karen stevenson date/6.x-2.0
version/karen stevenson date/6.x-2.0-rc1
version/karen stevenson date/6.x-2.0-rc2
version/karen stevenson date/6.x-2.0-rc3
version/karen stevenson date/6.x-2.0-rc4
version/karen stevenson date/6.x-2.0-rc5
version/karen stevenson date/6.x-2.0-rc6
version/karen stevenson date/6.x-2.0-beta
version/karen stevenson date/6.x-2.0-beta2
version/karen stevenson date/6.x-2.0-beta3
version/karen stevenson date/6.x-2.0-beta4
version/karen stevenson date/6.x-2.1
version/karen stevenson date/6.x-2.2

CVE-2009-3156: XSS

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3156?

How do I fix CVE-2009-3156?

Who is affected by CVE-2009-3156?

What type of vulnerability is CVE-2009-3156?

Which Drupal versions are vulnerable to CVE-2009-3156?

Company

Resources

Contact