Vulnerabilities > John Vandyk > Workflow > 5.x.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-26 | CVE-2010-1539 | Cross-Site Scripting vulnerability in John Vandyk Workflow Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. | 2.1 |