Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
References
- Broken Link
- Patch, Vendor Advisory
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory, VDB Entry
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
One of
EPSS
6.5 Medium
CVSS2
Weaknesses