"We run a non-profit summer camp and hired Ricochet to design our camper and staff database from scratch. Their initial design was custom fit to suit our needs and as those needs have evolved the helpful staff at Ricochet have insured that timely changes keep our database up to date and running smoothly. Thanks for the fantastic service and personal attention, it's made a huge difference for our camp!"
—Chrissie Endler, Camp del Corazon

Embed - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-042

Wed, 2022-05-25 09:45 — Anonymous (not verified)

Project: EmbedDate: 2022-May-25Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields.
In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some cases, this could lead to cross-site scripting (XSS).Solution: Install the latest version:

If you use the Embed module for Drupal 8.x or 9.x, upgrade to Embed 8.x-1.5

Reported By:

Aaron Zinck

Fixed By:

Dave Reid of the Drupal Security Team
Drew Webber of the Drupal Security Team
Adam G-H

Coordinated By:

Dave Reid of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2022-042

Search form

Embed - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-042