SecuritySpace - CVE-2009-2372

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2009-2372

Description: Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

Test IDs: 1.3.6.1.4.1.25623.1.0.66210

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-2372
http://osvdb.org/55525
http://www.securitytracker.com/id?1022497
http://secunia.com/advisories/35681

CVE ID:	CVE-2009-2372
Description:	Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
Test IDs:	1.3.6.1.4.1.25623.1.0.66210
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2372 http://osvdb.org/55525 http://www.securitytracker.com/id?1022497 http://secunia.com/advisories/35681