Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CPE | Name | Operator | Version |
---|---|---|---|
fusion | eq | <= 6.x-1.12 | |
fusion | eq | 6.x-1.0 beta1 | |
fusion | eq | 6.120.10 | |
fusion | eq | 6.x-1.0 beta4 | |
fusion | eq | 6.x-1.0 rc1 | |
fusion | eq | 6.x-1.0 beta2 | |
fusion | eq | 6.x-1.0 dev | |
fusion | eq | 6.x-1.0 beta3 | |
fusion | eq | 6.120.11 |