Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2017-December-06
Vulnerability:
Cross Site Scripting (XSS)
Description:
This module enables you to add feedback forms and gather end user feedback, bug reports or any kind of suggestions.
The module doesn't sufficiently filter output of its own fields under the scenario of creating or editing feedback-collect content types.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "create feedback-collect content" or its related editing permissions.
Solution:
Install the latest version:
- If you use the feedback collect module for Drupal 7.x, upgrade to feedback collect 7.x-1.6
Also see the Feedback Collect project page.
Reported By:
Fixed By:
- Tatar Balazs Janos
- Jelena Krmar the module maintainer
Coordinated By:
- Greg Knaddison of the Drupal Security Team
