Cross-Site Scripting Flaw in Drupal's Meta Tag Module
CVE-2014-9362

Currently unrated

Key Information:

Vendor: Meta Tags Quick Project
Status: Meta Tags Quick
Vendor: CVE Published:; 10 December 2014

🔔 Create Meta Tags Quick Project Vulnerability Alert

What is CVE-2014-9362?

The Meta tags quick module within Drupal has a cross-site scripting vulnerability affecting versions 7.x-2.x prior to 7.x-2.8. This flaw allows remote users, granted with the 'Edit path based meta tags' permission, to inject arbitrary web scripts or HTML through vulnerabilities tied to the deletion of a Path-based Metatag. This poses a significant risk as it can lead to the execution of malicious scripts on affected sites, potentially compromising user data and site integrity.

References

https://www.drupal.org/node/2296511

x_refsource_MISC

https://www.drupal.org/node/2295975

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 10, 2014