CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-8744
https://notcve.org/view.php?id=CVE-2014-8744
Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. Vulnerabilidad de XSS en el módulo Nivo Slider 7.x-2.x anterior a 7.x-1.11 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar nivo slider' inyectar secuencias de comandos web o HTML arbitrarios a través de un título de imagen. • http://secunia.com/advisories/57459 http://www.securityfocus.com/bid/66327 https://exchange.xforce.ibmcloud.com/vulnerabilities/92009 https://www.drupal.org/node/2220545 https://www.drupal.org/node/2221481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •