Skip to content

Commit c47995e

Browse files
feat: update advisories
1 parent 5377131 commit c47995e

1 file changed

Lines changed: 50 additions & 0 deletions

File tree

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DRUPAL-CONTRIB-2026-032",
4+
"modified": "2026-04-08T16:09:54.000Z",
5+
"published": "2026-04-08T16:09:54.000Z",
6+
"aliases": [],
7+
"details": "The IframeConsent element writes HTML attributes without escaping their value.\n\nThis module has a XSS vulnerability. If an attacker is able to write an `<iframe-consent>` tag, they may be able to insert arbitrary JavaScript.\n\nThis vulnerability is mitigated by the fact that a text format that allows `iframe-consent` HTML tags with alt attributes in the necessary option (*Enable JS Iframe consent*) must be enabled, and an attacker must have a role allowing the creation or modification of content in a field with text the format.",
8+
"affected": [
9+
{
10+
"package": {
11+
"ecosystem": "Packagist:https://packages.drupal.org/8",
12+
"name": "drupal/orejime"
13+
},
14+
"severity": [],
15+
"ranges": [
16+
{
17+
"type": "ECOSYSTEM",
18+
"events": [
19+
{
20+
"introduced": "0"
21+
},
22+
{
23+
"fixed": "2.0.16"
24+
}
25+
],
26+
"database_specific": {
27+
"constraint": "<2.0.16"
28+
}
29+
}
30+
],
31+
"database_specific": {
32+
"affected_versions": "<2.0.16"
33+
}
34+
}
35+
],
36+
"references": [
37+
{
38+
"type": "WEB",
39+
"url": "https://www.drupal.org/sa-contrib-2026-032"
40+
}
41+
],
42+
"credits": [
43+
{
44+
"name": "Pierre Rudloff (prudloff)",
45+
"contact": [
46+
"https://www.drupal.org/u/prudloff"
47+
]
48+
}
49+
]
50+
}

0 commit comments

Comments
 (0)