Workflow - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-049

Project: WorkflowDate: 2019-May-22Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescription: The Workflow module enables you to create arbitrary Workflows, and assign them to Entities.
The module doesn't sufficiently escape HTML in the field settings leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer nodes" and "administer workflow".Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article