CVE-2014-9739

Name of the Vulnerable Software and Affected Versions Node Field module versions 7.x-2.x before 7.x-2.45 for Drupal

Description The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields. This is a cross-site scripting (XSS) issue.

Recommendations For Node Field module versions 7.x-2.x before 7.x-2.45, update to version 7.x-2.45 or later to resolve the issue.