Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2019-November-13
Vulnerability:
Cross site scripting
Affected versions:
<1.83.0
Description:
This module enables you to output a field as a slideshow.
The module doesn't sufficiently filter strings added to the fields leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the ability to create content which is output as a slideshow.
Solution:
- If you use the Field Slideshow module for Drupal 7.x, upgrade to Field Slideshow 7.x-1.83
Also see the Field Slideshow project page.
Reported By:
Fixed By:
- Szczepan Musial
- Liang Shen
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- Yonatan Offek
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
