Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 2bits | currency | 5.x-1.3 |
| 2bits | currency | 5.x-1.0 |
| 2bits | currency | 6.x-1.x-dev |
| 2bits | currency | 5.x-1.x-dev |
| 2bits | currency | * |
| 2bits | currency | 4.7.x-1.x-dev |
| 2bits | currency | 5.x-1.1 |
| 2bits | currency | 6.x-1.0 |
| 2bits | currency | 5.x-1.2 |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 2bits | currency | * |