CVE-2007-0534
Drupal Project < 5 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
References (6)
Scores
EPSS
0.0053
EPSS Percentile
66.8%
Classification
Status
draft
Affected Products (4)
drupal/project
< 5
drupal/project
drupal/project_issue_tracking_module
< 5
drupal/project_issue_tracking_module
Timeline
Published
Jan 26, 2007
Tracked Since
Feb 18, 2026