cbcvebase.
CVE-2009-4429
published 2009-12-28

CVE-2009-4429: Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with…

PriorityP416low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
2.82%
84.8th percentile
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).

Affected

8 ranges
VendorProductVersion rangeFixed in
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
alexander_hasssections_module
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.