Project: Services single sign-on client
Security risk: *Critical* 16∕25
Vulnerability: Cross-site scripting
This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials.
The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability.
Install the latest version:
If you use the Services Single Sign-on Client module for Drupal 7.x, upgrade to Services Single Sign-on Client 7.x-1.6