Entity Reference Tab / Accordion Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-008

Project: Entity Reference Tab / Accordion Formatter
Date: 2018-February-07
Security risk: *Moderately critical* 14∕25
Vulnerability: Cross Site Scripting

Description

This module enables you to show referenced entities in tabs.

The module doesn't sufficiently sanitize the body fields of the referenced
entities when it prints them to the tabs.

This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to create or edit content of the content type that is
referenced.

Solution

Install the latest version:

* If you use the Entity Reference Tab / Accordion Formatter module for
Drupal 8.x, upgrade to 8.x-1.3
