Xray Audit - Moderately critical - Cross site scripting - SA-CONTRIB-2023-012

Project:

Date:

2023-March-29

Security risk:

Moderately critical 13 ∕ 25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All

Vulnerability:

Cross site scripting

Affected versions:

<1.1.1

Description:

This module is a tool for developers, analysts, and administrators that allows them to generate reports on a given Drupal installation.

The module does not sufficiently sanitize some data presented in its reports.

This vulnerability is mitigated by the fact that an attacker must have a role with permissions to administer an impacted content type.

Solution:

Install the latest version:

If you use the Xray Audit module for Drupal 9.x / 10.x, upgrade to Xray Audit v.1.1.1

Reported By:

Fixed By:

Coordinated By:

Contact and more information

The Drupal security team can be reached by email at security at drupal.org or via the contact form.

Follow the Drupal Security Team on Bluesky, or Mastodon or Linkedin.

The security team is made up of volunteers around the world. The companies above have sponsored time on this release.