Unrated severityNVD Advisory· Published Mar 5, 2009· Updated Jun 16, 2026
CVE-2009-0817
CVE-2009-0817
Description
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:drupal:protected_node_module:5.x:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:drupal:protected_node_module:5.x:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:5.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:5.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:5.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:protected_node_module:6.x-1.4:*:*:*:*:*:*:*
- (no CPE)range: 5.x before 5.x-1.4, 6.x before 6.x-1.5
Patches
Vulnerability mechanics
References
8- drupal.org/node/386604nvdPatchVendor Advisory
- drupal.org/node/386606nvdPatchVendor Advisory
- www.vupen.com/english/advisories/2009/0572nvdPatchVendor Advisory
- drupal.org/node/385950nvdExploitVendor Advisory
- lampsecurity.org/node/28nvdExploitURL Repurposed
- secunia.com/advisories/34060nvdVendor Advisory
- osvdb.org/52300nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/48980nvd
News mentions
0No linked articles in our index yet.