Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.
The module doesn't sanitize user input in certain cases, which leads to a Cross-Site Scripting (XSS) vulnerability.
The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.
Install the latest version:
- If you use the image_field_caption module for Drupal 9.x, upgrade to image_field_caption 8.x-1.2
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
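
To confirm that a site has the fix, the following check reads a `composer.lock` and classifies the locked module version. It is an added example, not part of the advisory or the module. It assumes the site is managed with Composer, that the package name is `drupal/image_field_caption`, that the 8.x-1.2 release appears in Composer as 1.2.0, and that every earlier tagged release is affected; the lock-file content is constructed.

```python
import json
import re

PACKAGE = "drupal/image_field_caption"  # assumed Composer name of the module
FIXED = (1, 2, 0)  # assumption: Drupal release 8.x-1.2 is 1.2.0 in Composer


def parse_version(raw):
    """Return (major, minor, patch) for a tagged release, else None."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if match is None:
        # Dev branches (1.x-dev) and pre-releases cannot be compared safely.
        return None
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def check_lock(lock_text):
    """Classify the locked module version: absent, vulnerable, fixed, unknown."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") != PACKAGE:
                continue
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                return "unknown", raw  # review the installed code by hand
            return ("fixed" if version >= FIXED else "vulnerable"), raw
    return "absent", None


# Constructed sample lock file: the module is pinned below the fixed release.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "9.3.0"},
        {"name": "drupal/image_field_caption", "version": "1.1.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    status, version = check_lock(SAMPLE_LOCK)
    print(f"{PACKAGE}: {status} (locked version: {version})")
```

A result of `unknown` means the lock file pins a development branch or pre-release, so the installed code has to be compared against the 8.x-1.2 release manually.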