The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal entity embed 8.x-1.0 |
||
drupal entity embed 8.x-1.1 |
||
drupal entity embed 8.x-1.2 |