This module enables you to add a configured ReadSpeaker button for text-to-speech for your site visitors.
The module doesn't sufficiently sanitize block configuration causing a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks".
Install the latest version:
- If you use the Open ReadSpeaker module for Drupal 8.x, upgrade to Open ReadSpeaker 8.x-1.5
Also see the Open ReadSpeaker project page.
- Greg Knaddison of the Drupal Security Team