3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.967 High
EPSS
Percentile
99.7%
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface.
In certain situations, Display Suite does not properly sanitize some of the output, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker has to be able to configure field display settings, which usually needs a higher level permission such as administer taxonomy.
Drupal core is not affected. If you do not use the contributed Display Suite module,
there is nothing you need to do.
Install the latest version:
Also see the Display Suite project page.
drupal.org/node/2471721
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/ds
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/aspilicious
www.drupal.org/u/hjarnmastara
www.drupal.org/u/mr.baileys
www.drupal.org/writing-secure-code