WebProfiler - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-044

Project: WebProfiler

Date: 2023-September-06

Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon

Vulnerability: Cross Site Scripting

Affected versions: > 10.1.0 < 10.1.1

Description: The Webprofiler module provides a way of displaying the Symfony profile debugging tool at the bottom of each page.
The abbr_class Twig filter can be used to bypass the Twig auto-escape feature.
This vulnerability is mitigated by the fact that it is only exposed when the filter is specifically used in a theme to render content that contains an attack vector.

Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2023-044
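
A check for the exposure condition in the description, as an added example that is not part of the advisory or of the WebProfiler project: this Python script lists every Twig tag under a theme directory that applies the abbr_class filter, so those templates can be reviewed. The function names and the sample template are constructed for illustration.

```python
import re
import sys
from pathlib import Path

COMMENT = re.compile(r"\{#.*?#\}", re.S)           # Twig comment
TAG = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)    # {{ output }} or {% tag %}
# `value|abbr_class`, `{% apply abbr_class %}` or legacy `{% filter abbr_class %}`
USE = re.compile(r"(?:\|\s*|\b(?:apply|filter)\s+)abbr_class\b")

# Constructed sample template (not taken from any real theme).
SAMPLE = """<div class="node">
{# {{ old|abbr_class }} is commented out #}
  <span>{{ node.bundle|abbr_class }}</span>
  {% apply abbr_class %}{{ content.field_type }}{% endapply %}
  <p>{{ label|escape }}</p>
</div>
"""


def _blank(match):
    # Replace a comment by its newlines only, so line numbers stay correct.
    return "\n" * match.group(0).count("\n")


def find_abbr_class_uses(text):
    """Return [(line_number, tag_source)] for each Twig tag using abbr_class."""
    text = COMMENT.sub(_blank, text)
    hits = []
    for tag in TAG.finditer(text):
        use = USE.search(tag.group(0))
        if use:
            line = text.count("\n", 0, tag.start() + use.start()) + 1
            hits.append((line, " ".join(tag.group(0).split())))
    return hits


def scan_theme(root):
    """Scan every *.twig file under root; return [(path, line, tag_source)]."""
    results = []
    for path in sorted(Path(root).rglob("*.twig")):
        text = path.read_text(encoding="utf-8", errors="replace")
        results += [(str(path), n, src) for n, src in find_abbr_class_uses(text)]
    return results


if __name__ == "__main__":
    # Usage: python scan_abbr_class.py path/to/theme   (script name is hypothetical)
    for path, line, src in scan_theme(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{line}: {src}")
```

An empty result means no template under that directory applies the filter; any hit marks a template to review for content that reaches the filter.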