DRUPAL-CONTRIB-2022-036

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/image_field_caption/DRUPAL-CONTRIB-2022-036.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-036
Published
2022-05-04T16:11:07Z
Modified
2025-12-10T23:31:46.988019Z
Summary
[none]
Details

Image Field Caption (image_field_caption) adds an extra text area for captions on image fields.

The module doesn't sanitize user input in certain cases, which leads to a Cross-Site Scripting (XSS) vulnerability.

The vulnerability is mitigated by several permissions, of which at least some are commonly only assigned to either editors, site builders or administrators.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/image_field_caption

Package

Name
drupal/image_field_caption
Purl
pkg:composer/drupal/image_field_caption

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0
Database specific
{
    "constraint": "<1.2.0"
}

Database specific

affected_versions
"<1.2.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/image_field_caption/DRUPAL-CONTRIB-2022-036.json"