Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

Project: Module FilterVersion: 7.x-2.x-devDate: 2019-March-27Security risk: Moderately critical 12∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross site scriptingDescription: This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs.
The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the attacker must have access to input filtered html that will be included on the modules administration page e.g. in a block (this configuration is not common). Further, the Module Filter vertical tabs setting must be enabled.Solution: Install the latest version:

Also see the Module Filter project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article