Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9.

JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID.