CVE-2014-8378

medium

Description

Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.

References

https://www.drupal.org/node/2320613

https://www.drupal.org/node/2320027

https://exchange.xforce.ibmcloud.com/vulnerabilities/95312

http://www.securityfocus.com/bid/69227

http://secunia.com/advisories/60688

Details

Source: Mitre, NVD

Published: 2014-10-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00232