Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2019-June-26
Vulnerability:
Cross Site Scripting
Description:
Advanced Forum builds on and enhances Drupal's core forum module. When used in combination with other Drupal contributed modules, many of which are automatically used by Advanced Forum, you can achieve much of what stand alone software provides.
The module doesn't sufficiently sanitise user input in specific circumstances. It is not possible to disable the vulnerable functionality.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create forum content.
Solution:
Install the latest version:
- If you use the Advanced Forum module for Drupal 7.x, upgrade to Advanced Forum 7.x-2.8
Also see the Advanced Forum project page.
Reported By:
- Drew Webber of the Drupal Security Team
Fixed By:
- Drew Webber of the Drupal Security Team
- Vijaya Chandran Mani Provisonal Member of the Drupal Security Team
Coordinated By:
- Drew Webber of the Drupal Security Team
