Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-07-06T14:55:00Z
Updated: 2024-09-16T23:20:40.686Z
Reserved: 2015-07-06T00:00:00Z
Link: CVE-2014-9740
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2015-07-06T15:59:05.180
Modified: 2015-07-08T14:46:51.460
Link: CVE-2014-9740
Redhat
No data.