CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
65.5%
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface.
In certain situations, Display Suite does not properly sanitize entity bundle labels, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker has to be able to create entity bundle labels of some sort, which usually needs a higher level permission such as administer taxonomy.
Drupal core is not affected. If you do not use the contributed Display Suite module, there is nothing you need to do.
Install the latest version:
Also see the Display Suite project page.