Back To Top - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-005
This module enables you to add a button that hovers in the bottom of your screen and allows users to smoothly scroll up the page using jQuery.
The module doesn't sufficiently sanitize the code that gets printed on pages leading to a Cross Site Scripting (XSS) issue.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access backtotop settings".
- Back To Top 1.x-1.x versions prior to 1.x-1.1.2
- Back To Top 1.x-2.x versions prior to 1.x-2.0.2