CVE-2014-9740
Last modified
CVE-2014-9740 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.. EPSS estimates a 0.95% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rules Link Project | Rules Link | 7.x-1.0 |
References
- https://www.drupal.org/node/2328567Patch, Vendor Advisory
- https://www.drupal.org/node/2328567Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-9740?
How severe is CVE-2014-9740?
How do I fix CVE-2014-9740?
Are you affected by CVE-2014-9740?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST