|
Description
|
|
A vulnerability has been reported in the Meta tags quick module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Certain input related to names of entity bundles is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
Successful exploitation of this vulnerability requires permission "administer content types", "administer vocabularies and terms", or another permission with access rights to modify names of entity bundles.
The vulnerability is reported in versions 7.x-2.x prior to 7.x-2.3.
|
