View online: https://www.drupal.org/sa-contrib-2018-064
Project: Lightbox2 [1]
Version: 7.x-2.x-dev
Date: 2018-October-10
Security risk: *Critical* 18∕25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross Site Scripting
Description: The Lightbox2 module enables you to overlay images on the current page.
The module did not sanitize some inputs when used in combination with a custom view, leading to potential Cross Site Scripting (XSS).
Solution: Install the latest version:
* If you use the Lightbox2 module for Drupal 7.x, upgrade to Lightbox2 release 7.x-2.11 [3]
Also see the Lightbox2 [4] project page.
Reported By:
* emf [5]
Fixed By:
* joseph.olstad [6]
* Stella Power [7] of the Drupal Security Team
Coordinated By:
* David Stoline [8] of the Drupal Security Team
[1] https://www.drupal.org/project/lightbox2
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/lightbox2/releases/7.x-2.11
[4] https://www.drupal.org/project/lightbox2
[5] https://www.drupal.org/user/664258
[6] https://www.drupal.org/user/1321830
[7] https://www.drupal.org/user/66894
[8] https://www.drupal.org/user/329570