Cross-Site Scripting Vulnerability in Drupal Project Issue Tracking Module

CVE-2007-5228

Summary

The Project Issue Tracking Module for Drupal suffers from a cross-site scripting vulnerability that allows remote authenticated users with project creation or editing permissions to inject arbitrary web scripts or HTML. This vulnerability is present in versions prior to 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1. Attack vectors involve manipulation of individual forms or overview forms, enabling unauthorized execution of scripts, which can lead to compromised user data or accounts.

References