Arbitrary Web Script Injection in Custom Search Module for Drupal

Arbitrary Web Script Injection in Custom Search Module for Drupal

CVE-2014-8320 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page.

Learn more about our Web App Pen Testing.