Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011

Project: Navbar
Date: 2022-January-25
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting

Description

This module provides a very simple, mobile-friendly navigation toolbar.

The module doesn't sufficiently check for user-provided input.

This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format (like the default "Filtered HTML" format) that won't filter out the exploit code.

Solution

Install the latest version:

If you use the Navbar module for Drupal 7.x, upgrade to Navbar 7.x-1.8