Frequently Asked Questions - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-012

Project: Frequently Asked Questions
Date: 2021-June-02
Security risk: Moderately critical 11∕25
Vulnerability: Cross Site Scripting

Description

The Frequently Asked Questions (faq) module allows users, with appropriate permissions, to create question and answer pairs which they want displayed on the 'faq' page. The 'faq' page is automatically generated from the FAQ nodes configured. Basic Views layouts are also provided and can be customized via the Views UI (rather than via the module settings page).

The module doesn't sufficiently sanitize editor input, leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the "create faq content" permission.

Solution

Install the latest version:

Nick Onom