Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036

Wed, 2022-05-04 09:11 — Anonymous (not verified)

Project: Image Field CaptionVersion: 8.x-1.1Date: 2022-May-04Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.
The module doesn't sanitize user input in certain cases, which leads to a Cross-Site-Scripting (XSS) vulnerability.
The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.Solution: Install the latest version:

If you use the image_field_caption module for Drupal 9.x, upgrade to image_field_caption 8.x-1.2

Reported By:

Patrick Fey

Fixed By:

Coordinated By:

Greg Knaddison of the Drupal Security Team
Damien McKenna of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2022-036

Search form

Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036