SHARE
CORE IMPACT v9 - Exploits Update (Fri Sep 25 2009)
Drupal Forum Cross Site Scripting Exploit
Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities []
• Fri Sep 25 2009
A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (proir to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid. The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal.
Exploits Vulnerabiltiy: CVE-2009-2373