2 matches found
Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
This module integrates Drupal with LightGallery, enabling the use of the LightGallery library with any image field or view. The module does not adequately sanitize user input in the image field’s "alt" attribute, potentially allowing cross-site scripting XSS attacks when tags or scripts are...
CVE-2024-42699
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...