Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL.
2010-08-16T20:00:03.153
2025-04-11T00:51:21.963
Deferred
CVSSv2: 2.6 (LOW)
AV:N/AC:H/Au:N/C:N/I:P/A:N
4.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | drupal | devel_module | ≤ 5x-1.2 | Yes |
| Application | drupal | devel_module | ≤ 6.x-1.20 | Yes |
| Application | drupal | devel_module | 5.x-1.0 | Yes |
| Application | drupal | devel_module | 5.x-1.1 | Yes |
| Application | drupal | devel_module | 5.x-1.3 | Yes |
| Application | drupal | devel_module | 6.x-1.0 | Yes |
| Application | drupal | devel_module | 6.x-1.1 | Yes |
| Application | drupal | devel_module | 6.x-1.2 | Yes |
| Application | drupal | devel_module | 6.x-1.3 | Yes |
| Application | drupal | devel_module | 6.x-1.4 | Yes |
| Application | drupal | devel_module | 6.x-1.5 | Yes |
| Application | drupal | devel_module | 6.x-1.6 | Yes |
| Application | drupal | devel_module | 6.x-1.7 | Yes |
| Application | drupal | devel_module | 6.x-1.8 | Yes |
| Application | drupal | devel_module | 6.x-1.9 | Yes |
| Application | drupal | devel_module | 6.x-1.10 | Yes |
| Application | drupal | devel_module | 6.x-1.11 | Yes |
| Application | drupal | devel_module | 6.x-1.12 | Yes |
| Application | drupal | devel_module | 6.x-1.13 | Yes |
| Application | drupal | devel_module | 6.x-1.14 | Yes |
| Application | drupal | devel_module | 6.x-1.15 | Yes |
| Application | drupal | devel_module | 6.x-1.16 | Yes |
| Application | drupal | devel_module | 6.x-1.17 | Yes |
| Application | drupal | devel_module | 6.x-1.18 | Yes |
| Application | drupal | devel_module | 6.x-1.19 | Yes |