DRUPAL-CONTRIB-2022-035

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/dfp/DRUPAL-CONTRIB-2022-035.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-035
Published
2022-05-04T16:06:53Z
Modified
2025-12-10T23:33:17.937817Z
Summary
[none]
Details

Doubleclick for Publishers (DFP) module enables a site to place ads from Doubleclick For Publishers.

The module doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities may be able to exploit a Cross-Site-Scripting (XSS) vulnerability to target visitors of the site, including site admins with privileged access.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer DFP".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/dfp

Package

Name
drupal/dfp
Purl
pkg:composer/drupal/dfp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0
Database specific
{
    "constraint": "<1.2.0"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/dfp/DRUPAL-CONTRIB-2022-035.json"
affected_versions
"<1.2.0"