CVE-2007-0534

N/A Unknown

Published: January 26, 2007 Modified: April 23, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://drupal.org/node/112146

Source: cve@mitre.org

http://osvdb.org/32133

Source: cve@mitre.org

http://secunia.com/advisories/23908

Source: cve@mitre.org

http://www.securityfocus.com/bid/22224

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0312

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/31728

Source: cve@mitre.org

http://drupal.org/node/112146

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/32133

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23908

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22224

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0312

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/31728

Source: af854a3a-2127-422b-91ae-364da2661108

12 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.5%

67th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

drupal