DRUPAL-CONTRIB-2022-046

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/lottiefiles_field/DRUPAL-CONTRIB-2022-046.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-046

Published

2022-06-29T16:51:17Z

Modified

2025-12-10T23:30:58.378824Z

Summary

[none]

Details

The Lottiefiles Field module enables you to integrate the lottiefiles features into your page.

The module does not sufficiently filter user-provided text on output, resulting in a Cross-Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit content that has lottiefiles fields.

References

https://www.drupal.org/sa-contrib-2022-046

Credits

- Conrad Lara
- - https://www.drupal.org/user/1790054

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/lottiefiles_field

Package

Name: drupal/lottiefiles_field
Purl: pkg:composer/drupal/lottiefiles_field

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.3

Database specific

{
    "constraint": "<1.0.3"
}

Database specific

affected_versions

"<1.0.3"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/lottiefiles_field/DRUPAL-CONTRIB-2022-046.json"