This module enables you to output a field as a slideshow.
The module doesn't sufficiently filter strings added to the fields leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the ability to create content which is output as a slideshow.
- If you use the Field Slideshow module for Drupal 7.x, upgrade to Field Slideshow 7.x-1.83
Also see the Field Slideshow project page.
- Szczepan Musial
- Liang Shen
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- Yonatan Offek
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team