Security risk: *Moderately critical* 14∕25
Vulnerability: Cross Site Scripting
This module provides a way to make carousels, based on bootstrap-carousel.js. The module doesn't sufficiently handle output of img HTML tag's alt property.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Carousel: Create new content" or any similar node module permissions for creating/editing/removing the module-delivered content type.
Install the latest version:
If you use the bootstrap_carousel module for Drupal 7, upgrade to bootstrap_carousel 7.x-1.2