CVE-2014-8745

Drupal Custom Search <7.x-1.15 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label.

References (6)

[Various Sources] http://drupal.org/node/2248077

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/92754

[Patch] https://www.drupal.org/node/2247919

[Patch] https://www.drupal.org/node/2247921

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67062

[Third Party Advisory] http://secunia.com/advisories/58209

Scores

EPSS 0.0034

EPSS Percentile 55.9%

Classification

CWE

CWE-79

Status draft

Affected Products (28)

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

drupal/custom_search_module

... and 13 more

Timeline

Published Oct 13, 2014

Tracked Since Feb 18, 2026