Cross-Site Scripting Vulnerability in Drupal Print Module
CVE-2014-8078

Currently unrated

Key Information:

Vendor: Drupal
Status: Print
Vendor: CVE Published:; 9 October 2014

What is CVE-2014-8078?

A Cross-Site Scripting vulnerability has been identified in the Print module of Drupal versions prior to 6.x-1.19, 7.x-1.3, and 7.x-2.0. Remote authenticated users with specific permissions can exploit this vulnerability to inject arbitrary web scripts or HTML into nodes, potentially leading to malicious content being delivered to unsuspecting users. The issue is significant as it allows authorized users to perform actions that could compromise the integrity of the web application.

References

https://www.drupal.org/node/2231191

x_refsource_CONFIRM

http://secunia.com/advisories/57402

third-party-advisoryx_refsource_SECUNIA

https://www.drupal.org/node/2231197

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2014
Vulnerability Reserved
Oct 9, 2014