Drupal Vulnerability - CVE-2007-0626

The comment_form_add_preview function in comment.module in Drupal before 4.7.6 and 5.x before 5.1 and vbDrupal allows remote attackers with quotpost commentsquot privileges and access to multiple input filters to execute arbitrary code by previewing comments which are not processed by quotnormal form validation routines.quot