Display Suite - Moderately Critical - Cross Site Scripting

* Advisory ID: DRUPAL-SA-CONTRIB-2017-049
* Project: Display Suite (third-party module)
* Version: 8.x
* Date: 2017-May-17
* Security risk: 13/25 ( Moderately Critical)
* Vulnerability: Cross Site Scripting

DESCRIPTION

Display Suite allows you to take full control over how your content is
displayed using a drag and drop interface.

In certain situations, Display Suite does not properly sanitize some of the
output, allowing a malicious user to embed scripts within a page, resulting
in a Cross-site Scripting (XSS) vulnerability.

VERSIONS AFFECTED

* Display Suite 8.x-2.x versions prior to 8.x-2.7.
* Display Suite 8.x-3.x versions prior to 8.x-3.0.

Drupal core is not affected. If you do not use the contributed Display Suite
module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the Display Suite module for Drupal 8.x-2.x, upgrade to
Display
Suite 8.x-2.7
* If you use the Display Suite module for Drupal 8.x-3.x, upgrade to
Display
Suite 8.x-3.0

Also see the Display Suite project page: https://www.drupal.org/project/ds

Add new comment