Project: Automated Logout
Security risk: *Moderately critical* 14∕25
Vulnerability: Cross Site Scripting
This module provides a site administrator the ability to log users out after
a specified time of inactivity. It is highly customizable and includes "site
policies" by role to enforce log out.
The module does not sufficiently filter user-supplied text that is stored in
the configuration, resulting in a persistent Cross Site Scripting
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer autologout".
Install the latest version: