AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019
Project: AddToAny Share Buttons
Date: 2023-May-31
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting
Description
This module provides social media share & follow buttons.
The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting (XSS) vulnerability.