CVE-2009-1738 (feed_block)

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in “aggregator items.”

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1738