CVE-2010-0370 Information

Description

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier and 6.x-1.3 and earlier a module for Drupal allows remote authenticated users with permissions to create or edit content and administer blocks to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

Reference

http://drupal.org/node/683584 http://drupal.org/node/683586 http://drupal.org/node/683598 http://packetstormsecurity.org/1001-exploits/drupalnb-xss.txt http://secunia.com/advisories/38186 http://www.osvdb.org/61682 http://www.securityfocus.com/archive/1/508933/100/0/threaded http://www.securityfocus.com/bid/37782 https://exchange.xforce.ibmcloud.com/vulnerabilities/55606