DRUPAL-CONTRIB-2023-024

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/gridstack/DRUPAL-CONTRIB-2023-024.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-024
Published
2023-06-28T17:03:36Z
Modified
2025-12-10T23:33:52.264231Z
Summary
[none]
Details

This module enables you to create dynamic layouts and add sample color palettes for color selection hints via its UI.

The module doesn't sufficiently sanitize its settings in certain scenarios, leading to a Cross-Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer gridstack".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/gridstack

Package

Name
drupal/gridstack
Purl
pkg:composer/drupal/gridstack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.11.0
Database specific
{
    "constraint": "<2.11"
}

Database specific

affected_versions
"<2.11"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/gridstack/DRUPAL-CONTRIB-2023-024.json"