Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the “[Content Type]: Create new content” permission to inject arbitrary web script or HTML via vectors related to the configuration.
CPE | Name | Operator | Version |
---|---|---|---|
social_stats | eq | 7.120.10 | |
social_stats | eq | 7.120.11 | |
social_stats | eq | <= 7.x-1.4 | |
social_stats | eq | 7.x-1.x dev | |
social_stats | eq | 7.120.12 | |
social_stats | eq | 7.120.13 |