Date: 
2017-November-01
Vulnerability: 
Cross Site Scripting
Description: 

This module provides a site administrator the ability to log users out after a specified time of inactivity. It is highly customizable and includes "site policies" by role to enforce log out.

The module does not sufficiently filter user-supplied text that is stored in the configuration, resulting in a persistent Cross Site Scripting vulnerability (XSS).

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer autologout".

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: