4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.8%
This module enables you to handle media assets (atoms) in Drupal with a Views-based library, drag and drop interface and manage content attribution/licensing/distribution.
The module doesn’t sufficiently filter atom properties such as the atom title when outputting atoms, thereby exposing a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create atoms and the Scald Flash module or the resource management feature (in the MEE submodule) must be enabled.
Drupal core is not affected. If you do not use the contributed Scald module, there is nothing you need to do.
Install the latest version:
Also see the Scald project page.