OSF for Drupal - Less Critical - Cross Site Scripting (XSS)

* Advisory ID: DRUPAL-SA-CONTRIB-2017-014
* Project: OSF for Drupal
* Version: 7.x
* Date: 2017-February-08
* Security risk: 5/25 ( Less Critical)
* Vulnerability: Cross Site Scripting

DESCRIPTION

This module enables administrators to use a user interface to create complex
semantic queries that can be saved to be used in different locations of a
Drupal instance that uses OSF.

VERSIONS AFFECTED

* osf_querybuilder 7.x-3.3 versions prior to 7.x-3.3.

Drupal core is not affected. If you do not use the contributed OSF for Drupal
module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the OSF for Drupal module for Drupal 7.x, upgrade to OSF for
Drupal 7.x-3.4

Add new comment