The Contextual Links module doesnβt sufficiently validate the requested contextual links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission βaccess contextual linksβ.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/core | lt | 8.6.2 | |
drupal/core | lt | 8.5.8 |