Advanced Forum - Critical - Cross Site Scripting - SA-CONTRIB-2019-054

Project: Advanced ForumVersion: 7.x-2.x-devDate: 2019-June-26Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: Advanced Forum builds on and enhances Drupal's core forum module. When used in combination with other Drupal contributed modules, many of which are automatically used by Advanced Forum, you can achieve much of what stand alone software provides.
The module doesn't sufficiently sanitise user input in specific circumstances. It is not possible to disable the vulnerable functionality.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create forum content.Solution: Install the latest version:

Also see the Advanced Forum project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article