Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Remediation

References

CVE-2007-0626

Related Vulnerabilities

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.13)

WordPress Plugin WP Better Permalinks Cross-Site Request Forgery (3.0.4)

WordPress Plugin Welcart e-Commerce Multiple SQL Injection Vulnerabilities (1.5.2)

Chamilo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-9540)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0502)

Severity

Medium

Classification

CVE-2007-0626

Tags

Missing Update Known Vulnerabilities