CVE-2007-5228

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to 4.7.x-1.5 Drupal versions 4.7.x-2.x prior to 4.7.x-2.5 Drupal versions 5.x-1.x prior to 5.x-1.1

Description: A cross-site scripting (XSS) issue exists in the subscription functionality of the Project issue tracking module. This allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving individual or overview forms.

Recommendations: For versions prior to 4.7.x-1.5, update to version 4.7.x-1.5 or later. For versions 4.7.x-2.x prior to 4.7.x-2.5, update to version 4.7.x-2.5 or later. For versions 5.x-1.x prior to 5.x-1.1, update to version 5.x-1.1 or later.