
Vulnerability Details CVE-2009-2372

Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v2 Score 6.5
Products affected by CVE-2009-2372
  • Drupal » Drupal » Version: 6.0
    cpe:2.3:a:drupal:drupal:6.0
  • Drupal » Drupal » Version: 6.1
    cpe:2.3:a:drupal:drupal:6.1
  • Drupal » Drupal » Version: 6.10
    cpe:2.3:a:drupal:drupal:6.10
  • Drupal » Drupal » Version: 6.11
    cpe:2.3:a:drupal:drupal:6.11
  • Drupal » Drupal » Version: 6.12
    cpe:2.3:a:drupal:drupal:6.12
  • Drupal » Drupal » Version: 6.2
    cpe:2.3:a:drupal:drupal:6.2
  • Drupal » Drupal » Version: 6.3
    cpe:2.3:a:drupal:drupal:6.3
  • Drupal » Drupal » Version: 6.4
    cpe:2.3:a:drupal:drupal:6.4
  • Drupal » Drupal » Version: 6.5
    cpe:2.3:a:drupal:drupal:6.5
  • Drupal » Drupal » Version: 6.6
    cpe:2.3:a:drupal:drupal:6.6
  • Drupal » Drupal » Version: 6.7
    cpe:2.3:a:drupal:drupal:6.7
  • Drupal » Drupal » Version: 6.8
    cpe:2.3:a:drupal:drupal:6.8
  • Drupal » Drupal » Version: 6.9
    cpe:2.3:a:drupal:drupal:6.9


Shodan ® - All rights reserved