Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

Джерело:
Security advisories for contributed projects

Дата публікації:
09/10/2019 18:54

Постійна адреса новини:
http://www.vsinovyny.com/6282382

Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

09/10/2019 18:54 // Security advisories for contributed projects

Project:

Maxlength

Date:

2019-October-09

Security risk:

Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

Vulnerability:

Cross Site Scripting

Description:

This module enables you to set a maximum length allowed on text fields and indicate how many characters are left.

The module doesn't sufficiently filter strings leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact the malicious script will not be triggered in the browser of UID 1 nor any user with "Bypass maxlength setting".

Solution:

Install the latest version:

If you use the Maxlength module for Drupal 7.x, upgrade to Maxlength 7.x-3.3

Also see the Maxlength project page.

Reported By:

Yonatan Offek

Fixed By:

Coordinated By:

Greg Knaddison Drupal Security Team member

» Читати повністю

«	Наступна новина з архіву Корупція в Дніпрі: підлеглим Філатова оголосили нові підозри	Попередня новина з архіву Порошенко про відвід військ: Втрачаємо близько 30 населених пунктів	»