CVE-2014-9499

Name of the Vulnerable Software and Affected Versions Godwin's Law module versions prior to 7.x-1.1 for Drupal

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message when the dblog module is used. This is due to a cross-site scripting (XSS) vulnerability in the Godwin's Law module.

Recommendations For Godwin's Law module versions prior to 7.x-1.1, update to version 7.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Watchdog message functionality until the update is applied.