CVE-2014-8376

low

Published 2014-10-21 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2324689

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2324303

Application impact

Vendor	Product	Versions	Fixed
site_banner_project	site_banner	`{"endIncluding":"7.x-4.0"}`

References

http://secunia.com/advisories/60758
http://www.securityfocus.com/bid/69343
https://www.drupal.org/node/2324303
https://www.drupal.org/node/2324689
http://secunia.com/advisories/60758
http://www.securityfocus.com/bid/69343
https://www.drupal.org/node/2324303
https://www.drupal.org/node/2324689

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.