Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Social Stats Project | Social Stats | <= 7.x-1.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60759
- http://www.securityfocus.com/bid/69346
- https://www.drupal.org/node/2323983 (Patch)
- https://www.drupal.org/node/2324681 (Patch, Vendor Advisory)
FAQ
What is CVE-2014-5456?
CVE-2014-5456 is a vulnerability with a CVSS score of 2.1 (LOW). Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbit...
How severe is CVE-2014-5456?
CVE-2014-5456 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5456?
Check the references section above for vendor advisories and patch information. Affected products include: Social Stats Project Social Stats.