Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036

Project: Image Field Caption
Version: 8.x-1.1
Date: 2022-May-04
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting

Description

Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.

The module doesn't sanitize user input in certain cases, which leads to a Cross-Site Scripting (XSS) vulnerability.

The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.

Solution

Install the latest version:

If you use the image_field_caption module for Drupal 9.x, upgrade to image_field_caption 8.x-1.2.

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. In recent years he has been actively developing AltaGrade's new back-end system.
