Ricochet super-team Stephen Pope and Rick Destree were invaluable in upgrading the functionalities of the MarketTools corporate website, helping us implement new design elements and site structure, and launching a new website on very short notice when our business unit was acquired by Confirmit. Along the way, they taught me a lot about Drupal! Stephen’s help was critical in dealing with some difficult pre-existing server environment issues, and he went the extra mile many times to get us past the crunch points. I absolutely recommend Stephen and his team!
—Laura Newton

Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012

Wed, 2023-03-29 10:44 — Anonymous (not verified)

Project: Xray AuditDate: 2023-March-29Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: This module is a tool for developers, analysts, and administrators that allows them to generate reports on a given Drupal installation.
The module does not sufficiently sanitize some data presented in its reports.
This vulnerability is mitigated by the fact that an attacker must have a role with permissions to administer an impacted content type.Solution: Install the latest version:

If you use the Xray Audit module for Drupal 9.x / 10.x, upgrade to Xray Audit v.1.1.1

Reported By:

Conrad Lara

Fixed By:

Luis Peidró

Coordinated By:

Damien McKenna of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Chris McCafferty of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-012

Search form

Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012