Date published: 2014-10-20T13:55:06.493-04:00
Date last modified: 2014-10-24T14:11:47.827-04:00
CVSS Score: 3.5
Principal attack vector: NETWORK
Reference URL: http://www.openwall.com/lists/oss-security/2014/07/31/2
Summary: Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.