Drupaldise: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-09-21
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.
CVSS Score
4.9
EPSS Score
0.003
Published
2015-09-21