CVE-2010-1539

The CVE-2010-1539 entry concerns a Cross-site scripting (XSS) vulnerability in Drupal’s Workflow module when used with the Token module. Affected versions are Workflow 5.x-2.x prior to 5.x-2.6 and 6.x-1.x prior to 6.x-1.4. The issue allows remote authenticated users to inject arbitrary web script...

SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting

When used in combination with the Token module, the Workflow module does not escape the text entered into the Comment field of the workflow fieldset on the node form. This allows a user with the permission to change the workflow state of a node to perform a Cross Site Scripting XSS attack if a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a 1 workflow or 2 workflow state...

CVE-2009-4513

Multiple cross-site scripting XSS vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a 1 workflow or 2 workflow state...

CVE-2009-4513

CVE-2009-4513 affects the Drupal Workflow module: 5.x before 5.x-2.4 and 6.x before 6.x-1.2. An XSS vulnerability allows remote authenticated users with the administer workflow privilege to inject arbitrary script/HTML via the name of a workflow or a workflow state. Root cause is insufficient san...

CVE-2009-4513

Multiple cross-site scripting XSS vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a 1 workflow or 2 workflow state...

Cross site scripting

Cross-site scripting XSS vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties...

CVE-2008-0463

The CVE-2008-0463 entry concerns a Cross-site Scripting (XSS) vulnerability in the Drupal Workflow module, affecting versions 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2. The issue involves the ability for remote attackers to inject arbitrary web script or HTML via unspecified vectors involving...

SA-2008-009 - Workflow - Cross site scripting

The Workflow module allows the creation and assignment of arbitrary workflows to Drupal node types. Workflow does not escape certain node properties on output. It is therefore possible to inject arbitrary HTML and script code into certain workflow messages such as those displayed on the workflow...