MidnightBSD

Advisories for social_stats_project

CVE-2014-5456 LOW

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
social_stats_project social_stats 7.x-1.2
social_stats_project social_stats *
social_stats_project social_stats 7.x-1.0
social_stats_project social_stats 7.x-1.x
social_stats_project social_stats 7.x-1.1
social_stats_project social_stats 7.x-1.3