5.x.2.x

DATE	CVE	VULNERABILITY TITLE	RISK
2010-04-26	CVE-2010-1539	Cross-Site Scripting vulnerability in John Vandyk Workflow Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. network high complexity john-vandyk drupal CWE-79	2.1