Description
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
References
- Patch, Vendor Advisory
- Broken Link
- Third Party Advisory
- Patch, Third Party Advisory, VDB Entry
Vulnerable configurations
EPSS
CVSS2: 6.5 Medium
Defects
Related vulnerabilities