Linkit - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-042

Project: Linkit
Date: 2021-September-29
Security risk: Moderately critical 12∕25
Vulnerability: Cross Site Scripting

Description

Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field.

It does not sufficiently sanitize user input.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle.

Solution

Install the latest version:

If you use the Linkit module for Drupal 8.x, upgrade to Linkit 8.x-4.4