CVE-2014-8378

Name of the Vulnerable Software and Affected Versions TableField module versions 7.x-2.x before 7.x-2.3

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML. This is related to the field help text in an entity edit form. The estimated number of potentially affected devices is not specified.

Recommendations For TableField module versions 7.x-2.x before 7.x-2.3, update to version 7.x-2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the entity edit form for users with the "administer content types" or "administer taxonomy" permission until the update is applied.