CVE-2007-0534

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module; Project
Vendor: CVE Published:; 26 January 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31728

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/22224

vdb-entryx_refsource_BID

http://osvdb.org/32133

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 26, 2007
Vulnerability Reserved
Jan 25, 2007