Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Remediation

References

CVE-2007-0626

Related Vulnerabilities

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.3)

GlassFish CVE-2018-2911 Vulnerability (CVE-2018-2911)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.8.3)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43725)

Oracle Database Server CVE-2007-3854 Vulnerability (CVE-2007-3854)

Severity

Medium

Classification

CVE-2007-0626

Tags

Missing Update Known Vulnerabilities