CVSS2: 2.1 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS: 0.001 Low
Percentile: 43.8%
Linkit provides an easy interface for internal and external linking with wysiwyg editors and fields by using an autocomplete field.
The module doesn’t sufficiently sanitize node titles in the result list if the node search plugin is enabled.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to add or edit any type of node, and that the Linkit node search plugin must be enabled.
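An added illustration of the flaw class described above, not code from the Linkit module or the advisory: a result list built from node titles without output encoding, next to the encoded form. All function names and the sample data are hypothetical and constructed for this example.

```javascript
// Added illustration; not Linkit's code. All names here are hypothetical.

// Constructed sample: matches as a node search might return them.
// The second title is user-supplied text that happens to contain markup.
const sampleMatches = [
  { title: 'About us', path: '/node/1' },
  { title: 'Notes <b class="x">bold</b> & more', path: '/node/2' },
];

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Flawed pattern: the title is placed in the list unencoded,
// so any markup in it becomes part of the page.
function renderResultsUnsafe(matches) {
  const items = matches.map((m) => `<li><a href="${m.path}">${m.title}</a></li>`);
  return '<ul>' + items.join('') + '</ul>';
}

// Hardened pattern: every untrusted field is encoded at the point of output.
function renderResultsSafe(matches) {
  const items = matches.map(
    (m) => `<li><a href="${escapeHtml(m.path)}">${escapeHtml(m.title)}</a></li>`
  );
  return '<ul>' + items.join('') + '</ul>';
}

// Check usable in a regression test: true if the rendered list contains
// any element other than the ul/li/a tags the template itself emits.
function hasUnexpectedTags(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  const allowed = ['ul', 'li', 'a'];
  return tags.some((t) => !allowed.includes(t.replace(/[<\/]/g, '').toLowerCase()));
}
```
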
Drupal core is not affected. If you do not use the contributed Linkit module, there is nothing you need to do.
Install the latest version:
Also see the Linkit project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/linkit
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/user/36762
www.drupal.org/user/464598
www.drupal.org/user/960720
www.drupal.org/writing-secure-code