Drupal Mini Site Privilege Defined With Unsafe Actions Vulnerability Allowing Stored Cross-Site Scripting

A vulnerability in the Drupal Mini Site module, specifically in versions prior to 3.0.2, allows for stored cross-site scripting (XSS) attacks. This issue arises from privilege definitions that permit unsafe actions.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where malicious scripts are injected and executed in the context of the user.