Embed - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-042

Project: EmbedDate: 2022-May-25Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields.
In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some cases, this could lead to cross-site scripting (XSS).Solution: Install the latest version:

  • If you use the Embed module for Drupal 8.x or 9.x, upgrade to Embed 8.x-1.5

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-042