The Iubenda Integration module provides a custom block that links to the Iubenda privacy policy. A custom prefix and suffix text can be entered on this block. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission to use the layout builder on content, edit the layout, or with the "Administer blocks" permission.
Vendor | Product | Version | CPE |
---|---|---|---|
drupal | iubenda_integration | * | cpe:2.3:a:drupal:iubenda_integration:*:*:*:*:*:*:*:* |