What the vulnerability does
01Description
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.
CVSS base score
What the vulnerability does
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.
Explanation of Vulnerability in Simple Terms
A privilege escalation vulnerability exists in Drupal Mini site module versions before 3.0.2. The module does not properly enforce access controls, allowing users with certain permissions to perform unauthorized actions. Site administrators should update to version 3.0.2 or later immediately.
What an attacker can do
Perform unauthorized actions by bypassing access control checks in the Mini site module.
Potential impact on your site
Users may be able to access or modify content they should not have permission to view or edit.
Conditions required to exploit
Attacker must have some level of access to the Drupal site; specific privilege requirements are unclear.
Key dates
External resources