Cross-Site Scripting Vulnerability in Custom Search Module for Drupal
CVE-2014-8745

Currently unrated

Key Information:

Vendor

Drupal
Status
Custom Search Module
Vendor
CVE Published:
13 October 2014

What is CVE-2014-8745?

A Cross-Site Scripting (XSS) vulnerability exists in the Custom Search module of Drupal, affecting versions prior to 6.x-1.13 and 7.x-1.15. This flaw allows remote authenticated users with the 'administer taxonomy' permission to inject arbitrary web scripts or HTML into taxonomy vocabulary labels. Successful exploitation could lead to unauthorized actions affecting users of the application. Users are encouraged to update to the latest versions to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.drupal.org/node/2247919
x_refsource_CONFIRM
http://www.securityfocus.com/bid/67062
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/92754
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.