Drupal Better Field Descriptions Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Better Field Descriptions Module due to an inability to properly clean user-supplied input. An attacker can explo...

Better field descriptions - Critical - XSS - SA-CONTRIB-2017-064

This module enables you to add themeable descriptions to fields in forms. The module doesn't sufficiently sanitize descriptions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "add better descriptions to fields". CVE identifiers issued ACVE...