CVE-2014-8744

Name of the Vulnerable Software and Affected Versions Nivo Slider module versions 7.x-2.x before 7.x-2.11

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.

Recommendations For Nivo Slider module versions 7.x-2.x before 7.x-2.11, update to version 7.x-2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the "administer nivo slider" permission to minimize the risk of exploitation.