Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036
Project: Image Field Caption Version: 8.x-1.1 Date: 2022-May-04 Security risk: Moderately critical 13∕25 Vulnerability: Cross Site Scripting
Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.
The module doesn't sanitize user input in certain cases, which leads to a Cross-Site-Scripting (XSS) vulnerability.
The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.
Install the latest version:
If you use the image_field_caption module for Drupal 9.x, upgrade to image_field_caption 8.x-1.2