Cross-Site Scripting Vulnerability in Drupal by Acquia
CVE-2011-2714

6.1MEDIUM

Key Information:

Vendor
Drupal
Status
Data-module
Vendor
CVE Published:
14 January 2020

Summary

A Cross-Site Scripting vulnerability is present in Drupal 6.20 and Data 6.x-1.0-alpha14. This issue arises from inadequate sanitization of user inputs, specifically concerning table descriptions, field names, or labels, prior to being displayed. If exploited, this can allow attackers to inject malicious scripts into webpages viewed by users, leading to potential data theft and compromised user experience.

Affected Version(s)

Data-module 6.x-1.0-alpha14

References

https://www.openwall.com/lists/oss-security/2011/07/26/8
x_refsource_MISC
https://www.drupal.org/node/1056470
x_refsource_MISC
https://seclists.org/fulldisclosure/2011/Feb/219
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.