Описание
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.12-1.1ubuntu1 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 6.10-1ubuntu0.1 |
| upstream | released | 6.13 |
Показывать по
Ссылки на источники
6.5 Medium
CVSS2
Связанные уязвимости
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
Drupal 6.x before 6.13 does not prevent users from modifying user sign ...
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
6.5 Medium
CVSS2