Test ID:	1.3.6.1.4.1.25623.1.0.100170
Category:	Web application abuses
Title:	Drupal HTML Injection and Information Disclosure Vulnerabilities
Summary:	Drupal is prone to a cross-site scripting vulnerability and an; information disclosure vulnerability.
Description:	Summary: Drupal is prone to a cross-site scripting vulnerability and an information disclosure vulnerability. Vulnerability Impact: An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Other attacks are also possible. Affected Software/OS: Drupal 5.x (prior to 5.17) Drupal 6.x (prior to 6.11) Solution: Update to version 5.17/6.10 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1576 Debian Security Information: DSA-1792 (Google Search) http://www.debian.org/security/2009/dsa-1792 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.html http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patch http://www.osvdb.org/54153 http://secunia.com/advisories/34948 http://secunia.com/advisories/34950 http://secunia.com/advisories/34980 http://www.vupen.com/english/advisories/2009/1216
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.