Drupal Forum Cross Site Scripting Exploit

A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (proir to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid. The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal.
Vulnerabilty ID: 
CVE-2009-2373
Released Date: 
Thursday, September 24, 2009 - 19:00