CVE-2015-3390 Information

Description

Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the \access administration pages\ permission to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://www.openwall.com/lists/oss-security/2015/02/05/16 http://www.securityfocus.com/bid/72570 https://exchange.xforce.ibmcloud.com/vulnerabilities/100655 https://www.drupal.org/node/2420161