CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS
Percentile: 91.5%

The comment_form_add_preview function in comment.module in Drupal before
4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with “post
comments” privileges and access to multiple input filters to execute
arbitrary code by previewing comments, which are not processed by “normal
form validation routines.”