First published: Wed Jul 08 2009(Updated: )
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal Drupal | ||
Michelle Cox Advanced Forum | =6.x-1.0 | |
Michelle Cox Advanced Forum | =6.x-1.x-dev |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.