SA-CONTRIB-2010-054 - Storm - Cross Site Scripting (XSS)
The Storm project provides a group of modules for project management and billing. The module displays data entered by users without sanitising it, allowing for a cross site scripting XSS attack that may lead to a malicious user gaining full administrative access. Versions affected Storm project f...