2 matches found
CVE-2011-5188
Drupal: The Support Timer module (6.x-1.x) is vulnerable to Cross-Site Scripting (XSS) when used or configured with version prior to 6.x-1.4. The issue can be exploited by remote authenticated users who have the track time spent permission, through unsanitized user-supplied content. A fix is avai...
SA-CONTRIB-2011-058 - Support Timer - Cross Site Scripting (XSS)
The Support Timer module adds a javascript-based timer to the Support Ticketing System for tracking how long users are working on support tickets, as well as administrative reports. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting XSS...