Arbitrary Script Injection Vulnerability in Drupal Messaging Module

CVE-2011-1066 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors.

Learn more about our Web App Pen Testing.