Open ReadSpeaker - Moderately critical - Cross site scripting - SA-CONTRIB-2020-024

Project: Open ReadSpeakerVersion: 8.x-1.x-devDate: 2020-June-10Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: This module enables you to add a configured ReadSpeaker button for text-to-speech for your site visitors.
The module doesn't sufficiently sanitize block configuration causing a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".Solution: Install the latest version:

Also see the Open ReadSpeaker project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article