Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

Project: Maxlength
Date: 2019-October-09
Security risk: Moderately critical 13∕25 
Vulnerability: Cross Site Scripting

Description

This module enables you to set a maximum length allowed on text fields and indicate how many characters are left.

The module doesn't sufficiently filter strings, leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that the malicious script will not be triggered in the browser of UID 1, nor in that of any user with the "Bypass maxlength setting" permission.

Solution

Install the latest version:

If you use the Maxlength module for Drupal 7.x, upgrade to Maxlength 7.x-3.3
Also see the Maxlength project page.

https://www.drupal.org/sa-contrib-2019-073
