CVE-2010-2048

Name of the Vulnerable Software and Affected Versions Drupal Heartbeat module versions prior to 6.x-4.9

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities.

Recommendations For versions prior to 6.x-4.9, update to version 6.x-4.9 or later to resolve the issue.