Facets - Critical - Cross Site Scripting - SA-CONTRIB-2024-047
Project: Facets
Date: 2024-October-09
Security risk: Critical 15 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Affected versions: <2.0.9
Description: This module enables you to easily create and manage faceted search interfaces.
The module doesn't sufficiently filter for malicious script, leading to a reflected cross site scripting (XSS) vulnerability.
Solution: Install the latest version:
- If you use the Facets module, upgrade to Facets 2.0.9
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team