CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module enables you to integrate your Drupal site with TechSmith Relay software.
The module doesn’t sufficiently sanitize user input under the meta access tab.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “view meta information”.
Drupal core is not affected. If you do not use the contributed Camtasia Relay module,
there is nothing you need to do.
Install the latest version:
Also see the Camtasia Relay project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2480169
www.drupal.org/node/2480171
www.drupal.org/project/camtasia_relay
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/154069
www.drupal.org/user/19668
www.drupal.org/user/2301194
www.drupal.org/user/372123
www.drupal.org/writing-secure-code