2 matches found
CVE-2015-6751
Summary: Drupal’s Time Tracker module (7.x-1.x) is vulnerable before 7.x-1.4 due to two XSS flaws: injecting arbitrary script/HTML via a time-entry note or via a time-tracker activity field. Root cause: insufficient input filtering on time entry notes and on the activity used to categorize entrie...
Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135
This module enables you to track time on entities and comments. The module doesn't sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Add Time...