CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS
Percentile: 41.4%
This module enables you to easily integrate the Zendesk Support Tab on your Drupal website.
The module allows JavaScript code to be embedded via its administration interface, which creates the potential for cross-site scripting attacks. The module did not properly indicate that site administrators should restrict access to the permission governing that interface to only trusted users.
This vulnerability is mitigated by the fact that an attacker must have a role with the Configure Zendesk Feedback Tab permission.
Drupal core is not affected. If you do not use the contributed Zendesk Feedback Tab module, there is nothing you need to do.
Install the latest version:
Also see the Zendesk Feedback Tab project page.
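The permission problem described above, as an added example that is not the module's own code or its actual fix: it assumes Drupal 7 `hook_permission()` conventions, where `'restrict access' => TRUE` makes the permissions page show its trusted-roles warning. The machine name `configure zendesk feedback tab`, the `example_*` functions and the role map are hypothetical and constructed for illustration.

```php
<?php
// Added example: assumes Drupal 7 hook_permission() conventions.
// The machine name below is a hypothetical placeholder, not the module's real one.
define('EXAMPLE_PERM', 'configure zendesk feedback tab');

if (!function_exists('t')) {
  // Stand-in for Drupal's t() so this file also runs outside Drupal.
  function t($string) { return $string; }
}

// Weak form: nothing tells the site administrator this permission is dangerous.
function example_permission_weak() {
  return array(
    EXAMPLE_PERM => array(
      'title' => t('Configure Zendesk Feedback Tab'),
    ),
  );
}

// Hardened form: 'restrict access' flags the permission on the permissions
// page so it is granted to trusted roles only.
function example_permission_hardened() {
  return array(
    EXAMPLE_PERM => array(
      'title' => t('Configure Zendesk Feedback Tab'),
      'description' => t('Allows embedding JavaScript via the module settings.'),
      'restrict access' => TRUE,
    ),
  );
}

// Audit helper: list roles that hold the permission but are not trusted.
function example_untrusted_holders(array $role_perms, array $trusted) {
  $flagged = array();
  foreach ($role_perms as $role => $perms) {
    if (in_array(EXAMPLE_PERM, $perms, TRUE) && !in_array($role, $trusted, TRUE)) {
      $flagged[] = $role;
    }
  }
  return $flagged;
}

// Constructed sample role-to-permission map (not from a real site).
$role_perms = array(
  'administrator' => array(EXAMPLE_PERM, 'administer users'),
  'content editor' => array(EXAMPLE_PERM, 'create article content'),
  'authenticated user' => array('access content'),
);
print implode(', ', example_untrusted_holders($role_perms, array('administrator'))) . "\n";
```

On a real site the role map would come from the site's own role and permission data rather than the constructed array used here.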
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2561887
www.drupal.org/project/zendesk_feedbacktab
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/blainelang
www.drupal.org/u/greggles
www.drupal.org/writing-secure-code