CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module enables users to have a block displaying the result of the last poll as a chart.
The module doesn’t sufficiently sanitize poll node titles when displaying the block.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create polls and the poll chart block must be enabled.
Drupal core is not affected. If you do not use the contributed Poll Chart Block module,
there is nothing you need to do.
Install the latest version:
Also see the Poll Chart Block project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/poll_chart
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/1852732
www.drupal.org/user/199303
www.drupal.org/user/2301194
www.drupal.org/writing-secure-code