[Security-news] Super Login - Moderately critical - Cross site scripting - SA-CONTRIB-2019-062
security-news at drupal.org
security-news at drupal.org
Wed Aug 14 17:54:56 UTC 2019
View online: https://www.drupal.org/sa-contrib-2019-062
Project: Super Login [1]
Date: 2019-August-14
Security risk: *Moderately critical* 13∕25
AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross site scripting
Description:
This module improves the Drupal login page with the new features and layout.
The module doesn't sufficiently filter input text in the administration pages
text configuration inputs. For example, the login text field.
The vulnerability is mitigated by the fact it can only be exploited by a user
with the "Administer super login" permission.
Solution:
Install the latest version:
* If you use the Super Login module for Drupal 8.x, upgrade to Super Login
8.x-1.3 [3]
* If you use the Super Login module for Drupal 7.x, upgrade to Super Login
7.x-1.4 [4]
Also see the Super Login [5] project page.
Reported By:
* Mitch Portier [6]
Fixed By:
* Mitch Portier [7]
* Shawn Ostermann [8]
Coordinated By:
* Greg Knaddison [9] of the Drupal Security Team
[1] https://www.drupal.org/project/super_login
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/super_login/releases/8.x-1.3
[4] https://www.drupal.org/project/super_login/releases/7.x-1.4
[5] https://www.drupal.org/project/super_login
[6] https://www.drupal.org/user/2284182
[7] https://www.drupal.org/user/2284182
[8] https://www.drupal.org/user/61221
[9] https://www.drupal.org/user/36762
More information about the Security-news
mailing list