Facets - Moderately critical - Cross site scripting - SA-CONTRIB-2021-008

Project: FacetsVersion: 8.x-1.x-devDate: 2021-May-12Security risk: Moderately critical 11∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross site scriptingDescription: This module enables you to add customizable facets on search pages, from core search or searches provided by Search API.
The module doesn't sufficiently filter all output in certain circumstances.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer facets".Solution: Install the latest version:

  • If you use the Facets module for Drupal 8.x/9.x, upgrade to Facets 8.x-1.8

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2021-008