Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log.
CPE | Name | Operator | Version |
---|---|---|---|
hostmaster | eq | 6.120.12 | |
hostmaster | eq | 6.120.13 | |
hostmaster | eq | 6.120.14 | |
hostmaster | eq | 6.120.15 | |
hostmaster | eq | 6.120.16 | |
hostmaster | eq | 6.120.17 | |
hostmaster | eq | 6.120.18 | |
hostmaster | eq | 6.x-1.x dev |