CVE-2015-6751
Summary: Drupal’s Time Tracker module (7.x-1.x) is vulnerable before 7.x-1.4 due to two XSS flaws: injecting arbitrary script/HTML via a time-entry note or via a time-tracker activity field. Root cause: insufficient input filtering on time entry notes and on the activity used to categorize entrie...