Embed - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-042

Project: Embed
Date: 2022-May-25
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting

Description

The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields.

In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some cases, this could lead to cross-site scripting (XSS).

Solution

Install the latest version:

If you use the Embed module for Drupal 8.x or 9.x, upgrade to Embed 8.x-1.5.

Nick Onom
Marketing Project Manager