Published: 08/07/2009 Updated: 08/07/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x prior to 6.13 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 6.3
drupal drupal 6.0
drupal drupal 5.14
drupal drupal 5.16
drupal drupal 5.2
drupal drupal 5.8
drupal drupal 6.8
drupal drupal 6.10
drupal drupal 6.9
drupal drupal 6.12
drupal drupal 5.1_rev1.1
drupal drupal 5.13
drupal drupal 5.3
drupal drupal 5.5.
drupal drupal 5.4
drupal drupal 5.0
drupal drupal 6.6
drupal drupal 6.7
drupal drupal 6.5
drupal drupal 6.4
drupal drupal 5.1
drupal drupal 5.9
drupal drupal 5.6
drupal drupal 5.7
drupal drupal 6.2
drupal drupal 6.11
drupal drupal 6.1
drupal drupal 5.12
drupal drupal 5.15
drupal drupal 5.11
drupal drupal 5.5
drupal drupal 5.10

Several vulnerabilities have been found in drupal6, a fully-featured content management framework The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2372 Gerhard Killesreiter discovered a flaw in the way user signatures are handled It is possible for a user to inject arbitrary code via a crafted user sig ...

CWE-79 http://osvdb.org/55524 http://drupal.org/node/507572 http://secunia.com/advisories/35681 https://www.debian.org/security/./dsa-1930 https://nvd.nist.gov

CVE-2009-2373

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect