2 matches found
SA-CONTRIB-2011-058 - Support Timer - Cross Site Scripting (XSS)
The Support Timer module adds a javascript-based timer to the Support Ticketing System for tracking how long users are working on support tickets, as well as administrative reports. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting XSS...
[SA23908] Drupal Project Module Script Insertion Vulnerability
TITLE: Drupal Project Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA23908 VERIFY ADVISORY: http://secunia.com/advisories/23908/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Drupal Project Module 4.x http://secunia.com/product/12912/ DESCRIPTION:...