CVE-2015-4381

Name of the Vulnerable Software and Affected Versions Drupal Invoice module versions 6.x-1.x before 6.x-1.2 Drupal Invoice module versions 7.x-1.x before 7.x-1.3

Description A cross-site scripting (XSS) issue exists in the Invoice module for Drupal, allowing remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice" content type.

Recommendations For Drupal Invoice module versions 6.x-1.x before 6.x-1.2, update to version 6.x-1.2 or later. For Drupal Invoice module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later.