CVE-2011-2714

CVE-2011-2714

EPSS 1.2%

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

Affected products

Drupal · Data-module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://seclists.org/fulldisclosure/2011/Feb/219 https://www.drupal.org/node/1056470 https://www.openwall.com/lists/oss-security/2011/07/26/8