CVE-2014-8765

Name of the Vulnerable Software and Affected Versions Drupal Project Issue File Review module (PIFR) versions 6.x-2.x before 6.x-2.17

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted patch. This triggers a PIFR client to test the patch and return the results to the PIFR Server test results page. Additionally, remote authenticated users with the "manage PIFR environments" permission can inject arbitrary web script or HTML via vectors involving a PIFR Server administrative page.

Recommendations For versions prior to 6.x-2.17, update to version 6.x-2.17 or later to resolve the issue.