CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.967 High
Percentile: 99.7%

Nivo Slider provides a way to showcase featured content. Nivo Slider gives administrators a simple method of adding slides to the slideshow, an administration interface to configure slideshow settings, and simple slider positioning using the Drupal block system.
The module doesn’t sufficiently sanitize the title of images in the slider.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer nivo slider”.
Drupal core is not affected. If you do not use the contributed Nivo Slider module, there is nothing you need to do.
Install the latest version:
Also see the Nivo Slider project page.
drupal.org/contact
drupal.org/project/nivo_slider
drupal.org/security-team
drupal.org/security-team/risk-levels
drupal.org/security/secure-configuration
drupal.org/user/2766355
drupal.org/user/91990
drupal.org/writing-secure-code
drupal.org/node/2220545
drupal.org/user/173461
drupal.org/user/290182
drupal.org/user/395439
twitter.com/drupalsecurity