Back To Top - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-040

Project: Back To TopVersion: 7.x-1.x-devDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: This module enables you to add a button that hovers in the bottom of your screen and allows users to smoothly scroll up the page using jQuery.
The module doesn't sufficiently sanitize the code that gets printed on pages leading to a Cross Site Scripting (XSS) issue.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access backtotop settings".Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article