Description
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
Remediation
References