- Issue created by @mr.baileys
- 🇯🇴Jordan Rajab Natshah Jordan
Thanks, Ivo, for filing and the MR.
Maybe this could be reported as a security issue.
Sorry, I intervened in this issue. I thought it was for Gin Type Tray → . Not sure if we face the same issue in the other module.
- 🇧🇪Belgium mr.baileys 🇧🇪 (Ghent)
@rajab natshah: I opened it as a public issue since it requires "administer content types", and thus is not considered a security vulnerability as per https://www.drupal.org/drupal-security-team/security-advisory-process-an... →
- First commit to issue fork.
-
marcoscano →
committed f10f5ed7 on 1.0.x authored by
mr.baileys →
Issue #3507695 by mr.baileys: Fix Cross-site scripting through Existing...
-
marcoscano →
committed f10f5ed7 on 1.0.x authored by
mr.baileys →
- 🇪🇸Spain marcoscano Barcelona, Spain
Thanks for reporting and for contributing a fix. I agree that users that can access this field can already take over the site so this can be fixed in public.
Merged!
Automatically closed - issue fixed for 2 weeks with no activity.