Unrated severityNVD Advisory· Published Jan 4, 2010· Updated Apr 23, 2026
CVE-2009-4557
CVE-2009-4557
Description
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title.
Affected products
20cpe:2.3:a:unleashedmind:img_assist:5.x-1.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.6:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.7:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha1:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-2.0-alpha3:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-2.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:5.x-3.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-1.0-beta1:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha2:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-2.0-alpha3:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-2.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:unleashedmind:img_assist:6.x-3.x-dev:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- drupal.org/node/520564nvdPatchVendor Advisory
- www.securityfocus.com/bid/35710nvdPatch
- secunia.com/advisories/35879nvdVendor Advisory
- osvdb.org/55866nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/51786nvd
News mentions
0No linked articles in our index yet.