Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8319
Reference (s):
- BID:65527
- URL: http://www.securityfocus.com/bid/65527
- https://www.drupal.org/node/2194401
- https://drupal.org/node/2194809
- OSVDB:103264