EUVD-2011-5088

Malware in sbrugna...

CVE-2011-5188

Cross-site scripting XSS vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-5188

Drupal: The Support Timer module (6.x-1.x) is vulnerable to Cross-Site Scripting (XSS) when used or configured with version prior to 6.x-1.4. The issue can be exploited by remote authenticated users who have the track time spent permission, through unsanitized user-supplied content. A fix is avai...

CVE-2011-5188

Cross-site scripting XSS vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors...

SA-CONTRIB-2011-058 - Support Timer - Cross Site Scripting (XSS)

The Support Timer module adds a javascript-based timer to the Support Ticketing System for tracking how long users are working on support tickets, as well as administrative reports. The module does not properly sanitize user-supplied content, resulting in multiple Cross-Site Scripting XSS...