Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."
2009-05-20T19:30:00.327
2025-04-09T00:30:58.490
Deferred
CVSSv2: 3.5 (LOW)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanjaros | feed_block | 6.x-1.0 | Yes |
| Application | ivanjaros | feed_block | 6.x-1.0 | Yes |
| Application | ivanjaros | feed_block | 6.x-1.0 | Yes |
| Application | ivanjaros | feed_block | 6.x-1.x | Yes |
| Application | drupal | drupal | - | No |