Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2017-November-29
Vulnerability:
Cross-site scripting
Description:
This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials.
The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability.
Solution:
Install the latest version:
- If you use the Services Single Sign-on Client module for Drupal 7.x, upgrade to Services Single Sign-on Client 7.x-1.6
Reported By:
Fixed By:
- Scott Allison
- Brandon Stone the module maintainer
Coordinated By:
- David Rothstein of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
