5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.0%
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the βtrack time spentβ permission to inject arbitrary web script or HTML via unspecified vectors.
drupal.org/node/1357278
drupal.org/node/1357384
secunia.com/advisories/47030
www.osvdb.org/77423
exchange.xforce.ibmcloud.com/vulnerabilities/71596