Skip to content

Commit eadb7e3

Browse files
feat: update advisories
1 parent 33a5e39 commit eadb7e3

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

advisories/orejime/DRUPAL-CONTRIB-2026-032.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
{
22
"schema_version": "1.7.0",
33
"id": "DRUPAL-CONTRIB-2026-032",
4-
"modified": "2026-04-08T16:09:54.000Z",
4+
"modified": "2026-04-10T16:51:06.000Z",
55
"published": "2026-04-08T16:09:54.000Z",
6-
"aliases": [],
6+
"aliases": [
7+
"CVE-2026-6095"
8+
],
79
"details": "The IframeConsent element writes HTML attributes without escaping their value.\n\nThis module has a XSS vulnerability. If an attacker is able to write an `<iframe-consent>` tag, they may be able to insert arbitrary JavaScript.\n\nThis vulnerability is mitigated by the fact that a text format that allows `iframe-consent` HTML tags with alt attributes in the necessary option (*Enable JS Iframe consent*) must be enabled, and an attacker must have a role allowing the creation or modification of content in a field with text the format.",
810
"affected": [
911
{

0 commit comments

Comments
 (0)