Unrated severityNVD Advisory· Published Sep 10, 2009· Updated Jun 16, 2026
CVE-2009-3156
CVE-2009-3156
Description
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24cpe:2.3:a:karen_stevenson:date:6.x-1.0-beta:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:karen_stevenson:date:6.x-1.0-beta:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0-beta:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0-beta2:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0-beta3:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0-beta4:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.2:*:*:*:*:*:*:*
- osv-coords7 versionspkg:apk/chainguard/drupal-11.3pkg:apk/chainguard/drupal-11.3-apache2-configpkg:apk/chainguard/drupal-11.3-compatpkg:apk/chainguard/drupal-11-apache2-configpkg:apk/chainguard/drupal-11-compatpkg:apk/wolfi/drupal-11-apache2-configpkg:apk/wolfi/drupal-11-compat
< 0+ 6 more
- (no CPE)range: < 0
- (no CPE)range: < 11.3.2-r1
- (no CPE)range: < 11.3.1-r0
- (no CPE)range: < 11.2.5-r1
- (no CPE)range: < 11.2.5-r1
- (no CPE)range: < 11.2.5-r1
- (no CPE)range: < 11.2.5-r1
Patches
Vulnerability mechanics
References
10- drupal.org/node/534332nvdPatchVendor Advisory
- drupal.org/node/534636nvdPatchVendor Advisory
- www.securityfocus.com/bid/35790nvdPatch
- secunia.com/advisories/36006nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2103nvdVendor Advisory
- lampsecurity.org/drupal-date-xss-vulnerabilitynvdURL Repurposed
- www.osvdb.org/56608nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/52143nvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01312.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-July/msg01339.htmlnvd
News mentions
0No linked articles in our index yet.