CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile: 99.7%
The Social Stats module enables you to collect statistics from various social networks and use that data with the Views module as field data, sort criteria, or filter criteria.
The module does not sufficiently filter user-supplied text that is stored in the configuration, resulting in a persistent Cross-Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “[Content Type]: Create new content”.
Drupal core is not affected. If you do not use the contributed Social Stats module, there is nothing you need to do.
Install the latest version:
Also see the Social Stats project page.
www.drupal.org/contact
www.drupal.org/node/2323983
www.drupal.org/project/social_stats
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/329570
www.drupal.org/user/36762
www.drupal.org/user/88338
www.drupal.org/user/981944
www.drupal.org/writing-secure-code