Description
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
Affected products
- 2bits / currency6.x-1.1
- 2bits / currency4.7.x-1.x-dev – 4.7.x-1.x-dev
- 2bits / currency5.x-1.0 – 5.x-1.0
- 2bits / currency5.x-1.1 – 5.x-1.1
- 2bits / currency5.x-1.1 – 5.x-1.1
- 2bits / currency5.x-1.2 – 5.x-1.2
- 2bits / currency5.x-1.3 – 5.x-1.3
- 2bits / currency5.x-1.x-dev – 5.x-1.x-dev
- 2bits / currency6.x-1.0 – 6.x-1.0
- 2bits / currency6.x-1.x-dev – 6.x-1.x-dev
References
- MISChttp://osvdb.org/61587
- VENDOR_ADVISORYhttp://secunia.com/advisories/38121
- MISChttp://www.securityfocus.com/bid/37649
- MISChttp://drupal.org/node/676214
- MISChttp://drupal.org/node/676216
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/55453
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0063