Description
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
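The following Python model is an added example, not Drupal's own code: it shows the missing access check the description refers to. Signatures are rendered with the site-wide comment input format, so a save path that never asks whether the editing user may use that format lets a non-privileged user supply content for a format that was later switched to an administrator-only one. The format ids, role names and `filter_access` helper are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed input formats and the roles allowed to use each (not real Drupal data).
FILTERED_HTML = 1   # safe format, available to every role
PHP_CODE = 3        # administrator-only format
FORMAT_ROLES = {
    FILTERED_HTML: {"anonymous user", "authenticated user", "administrator"},
    PHP_CODE: {"administrator"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    signature: str = ""

@dataclass
class Site:
    # The comment format is also the format signatures are rendered in.
    comment_format: int = FILTERED_HTML

def filter_access(user: User, format_id: int) -> bool:
    """True if any of the user's roles may use the given input format."""
    return bool(user.roles & FORMAT_ROLES[format_id])

def save_signature_vulnerable(site: Site, user: User, signature: str) -> bool:
    """Pre-fix behaviour: the signature is stored without checking the format."""
    user.signature = signature
    return True

def save_signature_fixed(site: Site, user: User, signature: str) -> bool:
    """Hardened behaviour: refuse the change unless the user may use the
    format the signature will be rendered with; the old value is kept."""
    if not filter_access(user, site.comment_format):
        return False
    user.signature = signature
    return True

def scenario() -> tuple:
    """Admin switches the comment format to PHP_CODE after a user already has a signature."""
    site = Site()
    alice = User("alice", {"authenticated user"})
    save_signature_fixed(site, alice, "original")
    site.comment_format = PHP_CODE        # administrator-controlled format now in effect
    vuln_ok = save_signature_vulnerable(site, User("bob", {"authenticated user"}), "edited")
    fixed_ok = save_signature_fixed(site, alice, "edited")
    return vuln_ok, fixed_ok, alice.signature

if __name__ == "__main__":
    print(scenario())  # (True, False, 'original')
```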