Cross-Site Scripting Vulnerabilities in Drupal Tracking Module
CVE-2007-0534

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module; Project
Vendor: CVE Published:; 26 January 2007

Summary

Multiple cross-site scripting vulnerabilities exist in the Project issue tracking module for Drupal, allowing authenticated users to inject arbitrary scripts or HTML. This can occur through specific fields on project nodes or settings related to issue tracking, potentially allowing for unauthorized actions or data exfiltration.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31728

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/22224

vdb-entryx_refsource_BID

http://osvdb.org/32133

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 26, 2007
Vulnerability Reserved
Jan 25, 2007