Radix - Moderately critical - Cross site scripting - SA-CONTRIB-2020-001

Project: Radix
Date: 2020-January-15
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scripting

Description

Radix is a base theme for Drupal, with Bootstrap 4, Sass, ES6 and BrowserSync built-in.

The theme doesn't sufficiently filter menu titles when they are rendered in a dropdown in the main menu.

This vulnerability is mitigated by the fact that an attacker must have permission to edit a menu title used in the main menu.
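The following stand-alone PHP example is added here for illustration; it is not Radix's code and does not come from the advisory, which does not show the affected template. It renders a Bootstrap 4 style main menu with a dropdown and escapes every editor-supplied title at output time, so markup in a title is displayed as text. The `esc()` and `render_menu()` helpers and the sample menu tree are hypothetical and constructed for this example.

```php
<?php
// Constructed sample menu tree. Titles are data entered by menu editors,
// so they are treated as untrusted text, never as markup.
$menu = [
  ['title' => 'Home', 'href' => '/', 'below' => []],
  ['title' => 'Products <em>new</em>', 'href' => '/products', 'below' => [
    ['title' => 'Themes & modules', 'href' => '/products/themes', 'below' => []],
  ]],
];

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function esc(string $value): string {
  return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: render one menu level as Bootstrap 4 markup.
// Top-level items with children become dropdown toggles; their children
// become dropdown items.
function render_menu(array $items, bool $is_dropdown = false): string {
  $out = '';
  foreach ($items as $item) {
    // Escape at the point of output, for every branch below.
    $title = esc($item['title']);
    // Attribute-context escaping only; URL scheme checks are out of scope here.
    $href = esc($item['href']);
    if ($is_dropdown) {
      $out .= "<a class=\"dropdown-item\" href=\"$href\">$title</a>\n";
    }
    elseif ($item['below']) {
      // Theme-owned markup wraps the already escaped title; the title is
      // never concatenated with markup before it has been escaped.
      $out .= "<li class=\"nav-item dropdown\">\n"
        . "<a class=\"nav-link dropdown-toggle\" href=\"$href\" data-toggle=\"dropdown\">$title</a>\n"
        . "<div class=\"dropdown-menu\">\n" . render_menu($item['below'], true) . "</div>\n</li>\n";
    }
    else {
      $out .= "<li class=\"nav-item\"><a class=\"nav-link\" href=\"$href\">$title</a></li>\n";
    }
  }
  return $out;
}

echo "<ul class=\"navbar-nav\">\n" . render_menu($menu) . "</ul>\n";
```

In the output, the second title appears as `Products &lt;em&gt;new&lt;/em&gt;` inside the dropdown toggle, and the ampersand in the child item is emitted as `&amp;`.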

Solution

Install the latest version:

If you use the Radix theme for Drupal 7.x, upgrade to Radix 7.x-3.8.
Also see the Radix project page.

Alex Shaposhnik
Technical Support Specialist
I provide technical assistance to our customers with all kinds of technical, hardware or software problems by modifying, installing, cleaning and repairing server-side software and customers' web applications and communicating to them the detailed answers and troubleshooting steps performed.