exploits , vulnerabilities , articles , Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities

Title	Drupal Cross-Site Scripting, Code Injection and Information Disclosure Vulnerabilities
Published	2009-07-01-12:00AM
Updated	2009-07-03-08:19PM
Class	Input Validation Error
CVE
Remote	Yes
Local	No
Credit	Mark Piper of Catalyst IT Ltd, Sven Herrmann, and Brandon Knight, Gerhard Killesreiter, and Sumit Datta
Vulnerable	RedHat Fedora 9 0 RedHat Fedora 11 RedHat Fedora 10 Drupal Drupal 6.9 Drupal Drupal 6.7 Drupal Drupal 6.6 Drupal Drupal 6.5 Drupal Drupal 6.4 Drupal Drupal 6.3 Drupal Drupal 6.2 Drupal Drupal 6.12 Drupal Drupal 6.11 Drupal Drupal 6.10 Drupal Drupal 6.1 Drupal Drupal 6.0 Drupal Drupal 5.9 Drupal Drupal 5.8 Drupal Drupal 5.7 Drupal Drupal 5.6 Drupal Drupal 5.5 Drupal Drupal 5.4 Drupal Drupal 5.3 Drupal Drupal 5.2 Drupal Drupal 5.18 Drupal Drupal 5.17 Drupal Drupal 5.16 Drupal Drupal 5.15 Drupal Drupal 5.13 Drupal Drupal 5.12 Drupal Drupal 5.11 Drupal Drupal 5.10 Drupal Drupal 5.1 revision 1.1 Drupal Drupal 5.1 Drupal Drupal 5.0 Drupal Advanced Forum 6.x2.xdev Drupal Advanced Forum 6.x1.xdev Drupal Advanced Forum 5.x1.xdev
Not Vulnerable	Drupal Drupal 6.13 Drupal Drupal 5.19 Drupal Advanced Forum 6.x-1.1 Drupal Advanced Forum 5.x-1.1
Code	An attacker can use standard tools to exploit these issues.In some situations an attacker must trick a victim into following a malicious URI.
TXT