Drupal Forum Cross Site Scripting Exploit

A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (proir to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid. The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal.
Platform: 
Vulnerabilty ID: 
CVE-2009-2373
Product Version: 
9.0
Released Date: 
Friday, September 25, 2009 - 00:00