scroll to top - Moderately critical - Cross site scripting - SA-CONTRIB-2019-061

Project: scroll to topDate: 2019-August-14Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: The Scroll To Top module enables you to have an animated scroll to top link in the bottom of the node.
The module does not sufficiently filter configuration text leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer scroll to top".Solution: Install the latest version of the module.

Also see the scroll to top project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article