Unrated severityNVD Advisory· Published Jul 8, 2009· Updated Jun 16, 2026
CVE-2009-2372
CVE-2009-2372
Description
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- drupal.org/node/507572nvdPatchVendor Advisory
- www.securitytracker.com/idnvdPatchThird Party AdvisoryVDB Entry
- secunia.com/advisories/35681nvdThird Party Advisory
- osvdb.org/55525nvdBroken Link
News mentions
0No linked articles in our index yet.