CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
Facebook Album Fetcher module allows you to fetch Facebook albums from a Facebook account.
The module incorrectly prints fields without proper sanitization thereby exposing a Cross Site Scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access administration pages”.
Drupal core is not affected. If you do not use the contributed Facebook Album Fetcher module,
there is nothing you need to do.
If you use the Facebook Album Fetcher module you should uninstall it.
Also see the Facebook Album Fetcher project page.
Not applicable.