Lottiefiles Field - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-046

Project: Lottiefiles FieldDate: 2022-June-29Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: The Lottiefiles Field module enables you to integrate the lottiefiles features into your page.
The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit content that has lottiefiles fields.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-046