View online: https://www.drupal.org/sa-contrib-2023-032

Project: Minify Source HTML [1] Date: 2023-July-26 Security risk: *Moderately critical* 11∕25 AC:Basic/A:None/CI:None/II:None/E:Proof/TD:All [2] Vulnerability: Cross site scripting

Affected versions: <1.13.0 || >=2.0.0 <2.0.3 Description:  Carefully crafted input by an attacker will not be sanitized by this module, which can result in a script injection.

Solution:  Install the latest version:

* If you use the Minify Source HTML module for Drupal 7.x, upgrade to Minify Source HTML 7.x-1.11 [3] * If you use the Minify Source HTML module for Drupal 8.x/9.x, upgrade to Minify Source HTML 8.x-1.13 [4] * If you use the Minify Source HTML module for Drupal 9.x/10.x, upgrade to Minify Source HTML 2.0.3 [5]

Reported By:  * Pierre Rudloff [6]

Fixed By:  * Scott Joudry [7] * Pierre Rudloff [8]

[1] https://www.drupal.org/project/minifyhtml [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/minifyhtml/releases/7.x-1.11 [4] https://www.drupal.org/project/minifyhtml/releases/8.x-1.13 [5] https://www.drupal.org/project/minifyhtml/releases/2.0.3 [6] https://www.drupal.org/user/3611858 [7] https://www.drupal.org/user/1846786 [8] https://www.drupal.org/user/3611858