Vulnerabilities > Drupal > Project Issue Tracking Module > 4.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-05 | CVE-2008-0577 | Permissions, Privileges, and Access Controls vulnerability in Drupal Project Issue Tracking Module 4.7/5.0 The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML. | 6.4 |
| 2008-02-05 | CVE-2008-0576 | Cross-Site Scripting vulnerability in Drupal Project Issue Tracking Module 4.7/5 Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages. | 4.3 |
| 2007-01-26 | CVE-2007-0506 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. network drupal | 6.0 |
| 2007-01-26 | CVE-2007-0505 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. network drupal | 8.5 |