Version: 
7.x-1.x-dev
6.x-1.x-dev
Date: 
2017-December-20
Vulnerability: 
Cross site scripting
Description: 

This module enables you to use the comScore Direct analytics system on a site.

The module doesn't sufficiently sanitize one of the configuration variables prior to rendering it.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer comScore direct".

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: