Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073
Project: Maxlength Date: 2019-October-09 Security risk: Moderately critical 13∕25 Vulnerability: Cross Site Scripting
This module enables you to set a maximum length allowed on text fields and indicate how many characters are left.
The module doesn't sufficiently filter strings leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact the malicious script will not be triggered in the browser of UID 1 nor any user with "Bypass maxlength setting".
Install the latest version: