CVE-2014-9740

Name of the Vulnerable Software and Affected Versions Rules Link module versions 7.x-1.x before 7.x-1.1

Description The issue allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors. This is due to improper handling in the question and description strings in a confirmation form for a triggering Rules link.

Recommendations For Rules Link module versions 7.x-1.x before 7.x-1.1, update to version 7.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "administer rules links" permission to minimize the risk of exploitation.