CVE-2009-1501Cross-site Scripting in Exif

CWE-79Cross-site Scripting2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 51.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Exif
Timeline
PublishedMay 1
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDexif/exif4 versions+3

Patches

Patch: drupal.orgPatch: www.securityfocus.comPatch: drupal.org

🔴Vulnerability Details

1
GHSA
GHSA-cwh7-7597-4728: Cross-site scripting (XSS) vulnerability in the Exif module 52022-05-02
CVE-2009-1501 — Cross-site Scripting in Exif | cvebase