Cross-site scripting

The Forum module does not correctly handle certain arguments obtained from the URL. This issue affects Drupal 6.x only.

Input format access bypass

User signatures have no separate input format, they use the format of the comment with which they are displayed. A user will no longer be able to edit a comment when an administrator changes the comment's input format to a format that is not accessible to the user. However they will still be able to modify their signature, which will then be processed by the new input format. This issue affects Drupal 6.x only.

Password leaked in URL

When an anonymous user fails to log in due to mistyping his username or password, and the page he is on contains a sortable table, the (incorrect) username and password are included in links on the table. If the user visits these links the password may then be leaked to external sites via the HTTP referer. In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user might be able to retrieve the (incorrect) username and password from the page cache.
Issue 2 might lead to the execution of arbitrary PHP code, rating as ~1.
Thank you for the report. 5.19 and 6.13 added to the tree.
closed, thanks.
CVE-2009-2372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2372): Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

CVE-2009-2373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2373): Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2009-2374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2374): Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
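The CVE-2009-2374 description above, modelled as an added example (not Drupal's code and not from this report): it assumes the sort-link builder copies every parameter of the current request into the link, and the field names `name`, `pass` and `form_id`, the path and all values are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Assumed names of the login form's credential fields (constructed).
CREDENTIAL_FIELDS = {"name", "pass"}


def sort_link_unsafe(path, get_params, post_params, column, direction):
    """Model of the flaw: the link carries every request parameter,
    including the body of a failed login submission."""
    merged = {**get_params, **post_params}
    merged.update({"sort": direction, "order": column})
    return path + "?" + urlencode(merged)


def sort_link_safe(path, get_params, post_params, column, direction):
    """Hardened form: POST data is never copied into a link, and
    credential-named fields are dropped even if they arrive in the URL."""
    kept = {k: v for k, v in get_params.items() if k not in CREDENTIAL_FIELDS}
    kept.update({"sort": direction, "order": column})
    return path + "?" + urlencode(kept)


def leaked_fields(url, submitted):
    """Regression check: names of submitted credential fields whose value
    shows up in the query string of a rendered link."""
    query = dict(parse_qsl(urlsplit(url).query))
    return sorted(
        field for field in CREDENTIAL_FIELDS
        if field in submitted and submitted[field] in query.values()
    )


# Constructed request: a failed login posted from a page with a sortable table.
GET = {"page": "2"}
POST = {"name": "alice", "pass": "hunter2-typo", "form_id": "user_login_block"}

if __name__ == "__main__":
    for build in (sort_link_unsafe, sort_link_safe):
        url = build("/forum", GET, POST, "Topic", "asc")
        print(build.__name__, url, "leaks:", leaked_fields(url, POST))
```

Running `leaked_fields` over every link on a page rendered after a failed login gives a simple test that the credentials no longer reach the markup, and so cannot reach a referer header or a cached copy of the page.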