CVE-2011-5188
https://notcve.org/view.php?id=CVE-2011-5188
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Timer Support v6.x-1.x antes de v6.x-1.4 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con el permiso "tiempo de pista finalizado" a través de vectores no especificados. • http://drupal.org/node/1357278 http://drupal.org/node/1357384 http://secunia.com/advisories/47030 http://www.osvdb.org/77423 https://exchange.xforce.ibmcloud.com/vulnerabilities/71596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-5187
https://notcve.org/view.php?id=CVE-2011-5187
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Support Ticketing System v6.x-1.x anteriores a v6.x-1.7 para Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1357300 http://drupal.org/node/1357378 http://secunia.com/advisories/47056 http://www.osvdb.org/77424 http://www.securityfocus.com/bid/50871 https://exchange.xforce.ibmcloud.com/vulnerabilities/71598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •