Cross-Site Scripting Vulnerability in Google Doubleclick for Publishers by Drupal
CVE-2014-8748

Currently unrated

Key Information:

Vendor

Drupal
Status
Doubleclick For Publishers
Vendor
CVE Published:
13 October 2014

What is CVE-2014-8748?

A Cross-Site Scripting (XSS) vulnerability exists in the Google Doubleclick for Publishers (DFP) module available for Drupal. This issue allows remote authenticated users with the 'administer dfp' permission to inject arbitrary web scripts or HTML through the slot name field. Without proper sanitation, this vulnerability could be exploited to execute malicious scripts in the context of the user's session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/56521
third-party-advisoryx_refsource_SECUNIA
https://www.drupal.org/node/2172167
x_refsource_CONFIRM
https://drupal.org/node/2179085
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.