Advisory ID: 
BACKDROP-SA-CONTRIB-2017-001
Vulnerability: 
Cross Site Scripting
Versions affected: 

Backdrop core is not affected. If you do not use the contributed Better Exposed filters module, there is nothing you need to do. 

The Better Exposed Filters module gives site builders more choices for rendering Views' exposed form elements.

The module does not sufficiently sanitize taxonomy term descriptions when the "Include the term description" option is selected.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer taxonomy".

Solution: 

Install the latest version:

  • If you use the Better Exposed Filters module for Backdrop 1.x, upgrade to Better Exposed Filters 1.x-3.4.0 or greater.

 

Reported By: 
Fixed By: 
Coordinated By: