Security Alert: Update for Data Visualisation Framework Module in Drupal
The Data Visualisation Framework module for Drupal was recently found to have a moderately critical security risk (SA-CONTRIB-2023-055), specifically a Cross-Site Scripting (XSS) vulnerability in versions below 2.0.2. This vulnerability could be exploited by those with content creation or editing permissions within the module.
An update to version 2.0.2 addresses this XSS issue by patching the vulnerable third-party JavaScript libraries. Reported and resolved by Joseph Zhao, this security flaw was managed by the Drupal Security Team members Damien McKenna, Greg Knaddison, cilefen, and Lee Rowlands. Drupal site owners are strongly advised to promptly update the latest module release for enhanced security.
Source Reference
Disclosure: This content is produced with the assistance of AI.
Disclaimer: The opinions expressed in this story do not necessarily represent that of TheDropTimes. We regularly share third-party blog posts that feature Drupal in good faith. TDT recommends Reader's discretion while consuming such content, as the veracity/authenticity of the story depends on the blogger and their motives.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.
Related People
Comments
You may also like
