CVE-2009-4065 Information

Description

Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.

Reference

http://drupal.org/node/636462 http://drupal.org/node/636474 http://osvdb.org/60284 http://secunia.com/advisories/37436 http://www.securityfocus.com/bid/37055 https://exchange.xforce.ibmcloud.com/vulnerabilities/54337