4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.967 High
EPSS
Percentile
99.7%
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface.
In certain situations, Display Suite does not properly sanitize user-supplied data, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the site must use a contributed module that alters usernames such as the realname module and the author field must be displayed as plain text “author”.
Drupal core is not affected. If you do not use the contributed Display Suite module, there is nothing you need to do.
Install the latest version:
Also see the Display Suite project page.