Open ReadSpeaker - Moderately critical - Cross site scripting - SA-CONTRIB-2020-024
Project: Open ReadSpeaker Version: 8.x-1.x-dev Date: 2020-June-10 Security risk: Moderately critical 13∕25 Vulnerability: Cross site scripting
This module enables you to add a configured ReadSpeaker button for text-to-speech for your site visitors.
The module doesn't sufficiently sanitize block configuration causing a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".
Install the latest version:
If you use the Open ReadSpeaker module for Drupal 8.x, upgrade to Open ReadSpeaker 8.x-1.5
Also see the Open ReadSpeaker project page.