Lottiefiles Field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-046

Project: Lottiefiles Field
Date: 2022-June-29
Security risk: Moderately critical 14∕25
Vulnerability: Cross Site Scripting

Description

The Lottiefiles Field module enables you to integrate LottieFiles features into your page.

The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit content that has lottiefiles fields.

Solution

Install the latest version:

Nick Onom