Meta tags quick - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-057

Project: Meta tags quickDate: 2019-July-17Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: Metatags quick is a module that manages meta tags (tags that appear in HTML's head section) as Drupal 7 fields.
Administration page of metatags quick does not sanitize the output of blocks that appear on the same page. This allows an attacker to inject malicious JavaScript in block markup.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".Solution: Install the latest version.
If you use the Metatags quick module for Drupal 7.x, upgrade to metatags quick 7.x-2.10.Reported By: 

Fixed By: 

Coordinated By: 

Path to article