Services single sign-on client - Critical - Cross-site scripting - SA-CONTRIB-2017-087

Project: Services single sign-on client
Version: 7.x-1.x-dev
Date: 2017-November-29
Security risk: *Critical* 16∕25
Vulnerability: Cross-site scripting

Description

This module allows users of a remote Services-enabled Drupal site to sign on to a second site with their credentials.

The module does not sanitize information from the request before displaying it, thereby exposing a cross-site scripting vulnerability.

Solution

Install the latest version:

If you use the Services Single Sign-on Client module for Drupal 7.x, upgrade to Services Single Sign-on Client 7.x-1.6.
