CVE-2007-5228

CVE-2007-5228 is a Drupal XSS vulnerability in the subscription functionality of the Project issue tracking module. The issue enables remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors in the (1) individual and (2) ove...

CVE-2006-6646

CVE-2006-6646 : This entry covers multiple cross-site scripting (XSS) vulnerabilities in Drupal projects. Affected are Drupal modules: Project Issue Tracking (versions 4.7.x-1.0, 4.7.x-2.0) and Project (versions 4.6.x-1.0, 4.7.x-1.0, 4.7.x-2.0). The issue arises from parameters that do not use th...

CVE-2007-1368

CVE-2007-1368 concerns Drupal’s Project issue tracking module. The advisory notes that versions before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta allow remote authenticated users (with the “access project issues” permission) to read the contents of a private node by requesti...