oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048

This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...

SA-CONTRIB-2010-112 - oEmbed - Access Bypass

The oEmbed module allows a Drupal site to embed content from oEmbed-providers as well as for a site to become an oEmbed-provider itself so that other oEmbed-enabled websites can embed its content. If an external site requested to embed a node, the oEmbed provider did not check node access,...