Security Alert: Update for Data Visualisation Framework Module in Drupal
The Data Visualisation Framework module for Drupal was recently found to have a moderately critical security risk (SA-CONTRIB-2023-055), specifically a Cross-Site Scripting (XSS) vulnerability in versions below 2.0.2. This vulnerability could be exploited by those with content creation or editing permissions within the module.
An update to version 2.0.2 addresses this XSS issue by patching the vulnerable third-party JavaScript libraries. Reported and resolved by Joseph Zhao, this security flaw was managed by the Drupal Security Team members Damien McKenna, Greg Knaddison, cilefen, and Lee Rowlands. Drupal site owners are strongly advised to promptly update the latest module release for enhanced security.
Source Reference
Disclosure: This content is produced with the assistance of AI.