Version: 
7.x-1.x-dev
Date: 
2017-November-29
Vulnerability: 
Cross Site Scripting
Description: 

This module provides a way to make carousels, based on bootstrap-carousel.js.

The module doesn't sufficiently handle output of img HTML tag's alt property.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any similar node module permissions for creating/editing/removing the module-delivered content type.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: