2 matches found
CVE-2007-0534
CVE-2007-0534 affects Drupal modules Project issue tracking (versions 4.7.0–5.x before 20070123) and Project (versions 4.6.0–5.x before 20070123). Vulnerability: cross-site scripting (XSS) via (a) certain fields on project nodes and (b) certain project-specific issue-tracking settings, enabling r...
CVE-2008-0576
The CVE-2008-0576 entry describes a Cross-site scripting (XSS) vulnerability in Drupal’s Project Issue Tracking module (versions 5.x-2.x-dev before 20080130; 5.x-1.x series up to 1.2; 4.7.x up to 2.6/1.6) where remote authenticated users can inject arbitrary web script or HTML via unspecified vec...