Fraction - Less critical - XSS vulnerability - SA-CONTRIB-2018-059

Project: Fraction
Date: 2018-September-05
Security risk: *Less critical* 5∕25 6/25 ( Less Critical)
Vulnerability: XSS vulnerability


This module enables you to create fields for storing decimal values as two
integers (numerator and denominator) for maximum precision.

The module doesn't sufficiently filter XSS strings out of field labels.

This vulnerability is mitigated by the fact that an attacker must have a role
with the ability to manage field configuration.


Install the latest version:

* If you use the Fraction module for Drupal 7.x, upgrade to Fraction 7.x-1.7.
* If you use the Fraction module for Drupal 8.x, upgrade to Fraction 8.x-1.2.

Also see the Fraction project page.

Add new comment