Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2021-September-29
Vulnerability:
Cross Site Scripting
Affected versions:
<4.4.0
Description:
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field.
It does not sufficiently sanitize user input.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle.
Solution:
Install the latest version:
- If you use the Linkit module for Drupal 8.x, upgrade to Linkit 8.x-4.4
Reported By:
Fixed By:
Coordinated By:
- Damien McKenna of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
