CVE-2009-2076

N/A Unknown
Published: June 16, 2009 Modified: April 23, 2026
View on NVD

Description

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://drupal.org/node/488068
Source: cve@mitre.org
Patch Vendor Advisory
http://drupal.org/node/488082
Source: cve@mitre.org
Patch
http://lampsecurity.org/drupal-views-xss-vulnerability
Source: cve@mitre.org
Exploit URL Repurposed
http://secunia.com/advisories/35425
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/35304
Source: cve@mitre.org
http://drupal.org/node/488068
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://drupal.org/node/488082
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://lampsecurity.org/drupal-views-xss-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit URL Repurposed
http://secunia.com/advisories/35425
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/35304
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
36th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

drupal

Related CVEs

CVE-2026-7024 5.4
CVE-2026-7023 6.3
CVE-2026-7022 7.3
CVE-2026-7021 3.5
CVE-2026-7020 5.6