Obfuscate Email - Less critical - Cross Site Scripting - SA-CONTRIB-2023-042

Project: Obfuscate EmailDate: 2023-August-30Security risk: Less critical 5∕25 AC:Complex/A:User/CI:None/II:None/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingAffected versions: <2.0.1Description: This module enables you to hide email addresses from bots and site scrapers by using the rot13 strategy.
The module doesn't sufficiently escape the data attribute under the scenario a user has access to manipulate that value.
This vulnerability is mitigated by the fact that an attacker must have a role with permissions to allow data attributes in content on a site.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2023-042