Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x prior to 6.x-2.17 for Drupal allow (1) remote malicious users to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
drupal project issue file review 6.x-2.15 |
||
drupal project issue file review 6.x-2.14 |
||
drupal project issue file review 6.x-2.12 |
||
drupal project issue file review 6.x-2.08 |
||
drupal project issue file review 6.x-2.07 |
||
drupal project issue file review 6.x-2.00 |
||
drupal project issue file review 6.x-2.05 |
||
drupal project issue file review 6.x-2.04 |
||
drupal project issue file review 6.x-2.03 |
||
drupal project issue file review 6.x-2.02 |
||
drupal project issue file review |
||
drupal project issue file review 6.x-2.10 |
||
drupal project issue file review 6.x-2.13 |
||
drupal project issue file review 6.x-2.06 |
||
drupal project issue file review 6.x-2.01 |
Vulmon