Unrated severityNVD Advisory· Published Dec 1, 2014· Updated Jun 17, 2026
CVE-2014-9153
CVE-2014-9153
Description
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:services_project:services:7.x-3.9:*:*:*:*:drupal:*:*
Patches
Vulnerability mechanics
References
2- www.drupal.org/node/2344389nvdVendor Advisory
- www.drupal.org/node/2344423nvdVendor Advisory
News mentions
0No linked articles in our index yet.