Maxlength - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-073

Project: MaxlengthDate: 2019-October-09Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: This module enables you to set a maximum length allowed on text fields and indicate how many characters are left.
The module doesn't sufficiently filter strings leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact the malicious script will not be triggered in the browser of UID 1 nor any user with "Bypass maxlength setting".Solution: Install the latest version:

Also see the Maxlength project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-073