Embed - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-042
Project: Embed Date: 2022-May-25 Security risk: Moderately critical 13∕25 Vulnerability: Cross Site Scripting
The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields.
In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some cases, this could lead to cross-site scripting (XSS).
Install the latest version:
If you use the Embed module for Drupal 8.x or 9.x, upgrade to Embed 8.x-1.5