Drupal HTML Injection And Information Disclosure Vulnerabilities Network Vulnerability

Summary

Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user other attacks are also possible. These issues affect the following: Drupal 5.x (prior to 5.17) Drupal 6.x (prior to 6.11)

References

http://drupal.org/node/449078
http://www.securityfocus.com/bid/34779

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1576

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
AN Guestbook Local File Inclusion Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Drupal HTML Injection and Information Disclosure Vulnerabilities

Take action and discover your vulnerabilities