Arbitrary Script Injection Vulnerability in Drupal Boxes Module

Arbitrary Script Injection Vulnerability in Drupal Boxes Module

CVE-2013-0259 · LOW Severity

AV:N/AC:H/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.

Learn more about our Web App Pen Testing.