Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module prior to 4.7.x-1.5, 4.7.x-2.x prior to 4.7.x-2.5, and 5.x-1.x prior to 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal project issue tracking 4.7_1.2 |
||
drupal drupal project issue tracking 4.7_2.0 |
||
drupal drupal project issue tracking 4.7_2.1 |
||
drupal drupal project issue tracking 4.7_2.2 |
||
drupal drupal project issue tracking 5.0_0.1 |
||
drupal drupal project issue tracking 4.7_1.0 |