Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| menhir | heartbeat | 6.x-4.2 |
| menhir | heartbeat | 6.x-4.6 |
| menhir | heartbeat | 6.x-4.3 |
| menhir | heartbeat | 6.x-4.x |
| menhir | heartbeat | 6.x-4.0 |
| menhir | heartbeat | 6.x-4.5 |
| menhir | heartbeat | 6.x-3.x |
| menhir | heartbeat | 6.x-4.1 |
| menhir | heartbeat | 6.x-2.3 |
| menhir | heartbeat | 6.x-4.4 |
| menhir | heartbeat | 6.x-3.3 |
| menhir | heartbeat | 6.x-4.7 |
| menhir | heartbeat | 6.x-3.2 |
| menhir | heartbeat | 6.x-4.8 |