Test Kennung:	1.3.6.1.4.1.25623.1.0.800908
Kategorie:	Web application abuses
Titel:	Drupal XSS and Code Injection Vulnerability
Zusammenfassung:	The host is installed with Drupal and is prone to Cross Site Scripting and; Remote Code Injection vulnerabilities.
Beschreibung:	Summary: The host is installed with Drupal and is prone to Cross Site Scripting and Remote Code Injection vulnerabilities. Vulnerability Insight: Multiple flaws arise because, - The users can modify user signatures after the associated comment format is changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary code via a crafted user signature. - When input passed into the unspecified vectors in the Forum module is not properly sanitised before being returned to the user. Vulnerability Impact: Attackers can exploit this issue to conduct script insertion attacks and inject and execute arbitrary PHP, HTML and script code. Affected Software/OS: Drupal version 6.x before 6.13 on all platforms. Solution: Upgrade to Drupal 6.13 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	BugTraq ID: 35548 Common Vulnerability Exposure (CVE) ID: CVE-2009-2372 http://osvdb.org/55525 http://www.securitytracker.com/id?1022497 http://secunia.com/advisories/35681 Common Vulnerability Exposure (CVE) ID: CVE-2009-2373 http://osvdb.org/55524
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.