Drupal View Password module < 6.0.4 - Administrator+ Cross Site Scripting (XSS) vulnerability

Administrator+ Cross Site Scripting XSS vulnerability discovered by Ide Braakman in WordPress Module View Password versions 6.0.4...

View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026

The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...