CVE-2009-1501
The CVE applies to Drupal's Exif module (versions 5.x-1.x before 5.x-1.2, and 6.x-1.x-dev before 13 Apr 2009). The root cause is an XSS flaw that allows remote attackers to inject arbitrary script/HTML via EXIF tags in an image, with network access and no user authentication required. Impact is p...