CVE-2014-5456

Name of the Vulnerable Software and Affected Versions Drupal Social Stats module versions prior to 7.x-1.5

Description The issue allows remote authenticated users with the "Content Type: Create new content" permission to inject arbitrary web script or HTML via vectors related to the configuration of the Social Stats module. This can lead to cross-site scripting (XSS) attacks.

Recommendations For versions prior to 7.x-1.5, update the Social Stats module to version 7.x-1.5 or later to resolve the issue. As a temporary workaround, consider restricting the "[Content Type]: Create new content" permission to minimize the risk of exploitation.