AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019
Project: AddToAny Share Buttons Date: 2023-May-31 Security risk: Moderately critical 13∕25 Vulnerability: Cross Site Scripting
This module provides social media share & follow buttons.
The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".
Install the latest version: