Display Suite allows you to take full control over how your content is displayed using a drag and drop interface.
The module doesn't sufficiently validate view modes provided dynamically via URLs leading to a reflected cross site scripting (XSS) attack.
This vulnerability is mitigated only by the fact that most modern browsers protect against reflected XSS via the url.
- If you use the Display Suite module for Drupal 7.x-1.x, upgrade to Display Suite 7.x-1.10
- If you use the Display Suite module for Drupal 7.x-2.x, upgrade to Display Suite 7.x-2.15
- Kristof De Jaeger the module maintainer
- Rick Manelius of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team