Cross-Site Scripting Vulnerability in Custom Search Module for Drupal
CVE-2014-8745

Currently unrated

Key Information:

Vendor: Drupal
Status: Custom Search Module
Vendor: CVE Published:; 13 October 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Custom Search module of Drupal, affecting versions prior to 6.x-1.13 and 7.x-1.15. This flaw allows remote authenticated users with the 'administer taxonomy' permission to inject arbitrary web scripts or HTML into taxonomy vocabulary labels. Successful exploitation could lead to unauthorized actions affecting users of the application. Users are encouraged to update to the latest versions to mitigate potential risks.

References

https://www.drupal.org/node/2247919

x_refsource_CONFIRM

http://www.securityfocus.com/bid/67062

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/92754

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 13, 2014
Vulnerability Reserved
Oct 13, 2014