exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2009-2372

почти 16 лет назад

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

CVSS2: 6.5

EPSS: Низкий

CVE-2009-2372

почти 16 лет назад

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

CVSS2: 6.5

EPSS: Низкий

CVE-2009-2372

почти 16 лет назад

Drupal 6.x before 6.13 does not prevent users from modifying user sign ...

CVSS2: 6.5

EPSS: Низкий

GHSA-229h-mpm4-83qq

около 3 лет назад

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2009-2372 Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.	CVSS2: 6.5	1% Низкий	почти 16 лет назад
CVE-2009-2372 Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.	CVSS2: 6.5	1% Низкий	почти 16 лет назад
CVE-2009-2372 Drupal 6.x before 6.13 does not prevent users from modifying user sign ...	CVSS2: 6.5	1% Низкий	почти 16 лет назад
GHSA-229h-mpm4-83qq Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.		1% Низкий	около 3 лет назад

Уязвимостей на страницу