scroll to top - Moderately critical - Cross site scripting - SA-CONTRIB-2019-061

Project: scroll to top
Date: 2019-August-14
Security risk: Moderately critical 13∕25
Vulnerability: Cross site scripting

Description

The Scroll To Top module enables you to have an animated scroll to top link at the bottom of the node.

The module does not sufficiently filter configuration text, leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer scroll to top".

Solution

Install the latest version of the module.

If you use the Scroll To Top module for Drupal 7.x, upgrade to Scroll To Top 7.x-2.2.

Also see the scroll to top project page.

Nick Onom