CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
Date module provides flexible date/time field type Date field and a Date API that other modules can use.
The module incorrectly prints date field titles without proper sanitization thereby opening a Cross Site Scripting (XSS) vulnerability.
The vulnerability is mitigated by the fact that an attacker must have a permission to create Date fields, such as “administer taxonomy” to add date fields on taxonomy terms.
Drupal core is not affected. If you do not use the contributed Date module,
there is nothing you need to do.
Install the latest version:
Also see the Date project page.