CVE-2014-5456

Social Stats < 7.x-1.4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.

References (4)

[Patch] https://www.drupal.org/node/2323983

[Patch, Vendor Advisory] https://www.drupal.org/node/2324681

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/69346

[Third Party Advisory] http://secunia.com/advisories/60759

Scores

EPSS 0.0020

EPSS Percentile 42.0%

Details

CWE

CWE-79

Status published

Products (7)

social_stats_project/social_stats < 7.x-1.4

social_stats_project/social_stats

n/a/n/a

Published Aug 25, 2014

Tracked Since Feb 18, 2026