View online: https://www.drupal.org/sa-contrib-2017-095
Project: ComScore direct tag [1] Date: 2017-December-20 Security risk: *Critical* 18∕25 AC:None/A:None/CI:Some/II:Some/E:Proof/TD:Default [2] Vulnerability: Unsupported
Description: A simple module to add in the JS for the comScore Direct tag to your Drupal site.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in cases like this without regard to the severity of the security issue in question. If you would like to maintain this module, please read: https://www.drupal.org/node/251466 [3]
All projects that are being marked unsupported are given a score of critical. Code that is no longer maintained poses a threat to securing sites.
Solution: If you use the ComScore Direct tag module for Drupal you should uninstall it.
Reported By: Balazs Janos Tatar [4]
Fixed By: N/A
[1] https://www.drupal.org/project/comscore_direct [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/node/251466 [4] https://www.drupal.org/u/tatarbj