Drupal HTML Injection And Information Disclosure Vulnerabilities Network Vulnerability

Summary

Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitive information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user other attacks are also possible. These issues affect the following: Drupal 5.x (prior to 5.17) Drupal 6.x (prior to 6.11)

References

http://drupal.org/node/449078
http://www.securityfocus.com/bid/34779

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1576
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat TroubleShooter Servlet Installed
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness

Drupal HTML Injection and Information Disclosure Vulnerabilities

Take action and discover your vulnerabilities