Severity Rating: HIGH
Software Affected
Open ReadSpeaker module for Drupal 8.x version 8.x-1.x-dev
Overview
A vulnerability has been reported in Drupal, which could be exploited by a
remote attacker to add a configured ReadSpeaker button for text-to-speech
for victim site visitors.
Description
The vulnerability exists in Drupal because the module does not sufficiently
sanitize block configuration, resulting in a Cross-Site Scripting (XSS)
vulnerability.
Successful exploitation of this vulnerability could allow the attacker to
add a configured ReadSpeaker button for text-to-speech for victim site
visitors.
Solution
Apply the appropriate patches as mentioned on the Drupal website:
https://www.drupal.org/sa-contrib-2020-024
Vendor Information
Drupal
https://www.drupal.org/sa-contrib-2020-024
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.