govCMS / GovCMS7

Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms
https://www.govcms.gov.au/
GNU General Public License v2.0

[SA-CONTRIB-2019-042] Update module_filter to 7.x-2.2 (from 7.x-2.0) #862

Closed tobybellwood closed 5 years ago

tobybellwood commented 5 years ago

https://www.drupal.org/sa-contrib-2019-042

Project: Module Filter
Version: 7.x-2.x-dev
Date: 2019-March-27
Security risk: Moderately critical 12∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross site scripting
Description: This module enables you to filter the list of modules on the admin modules page, and organizes packages into vertical tabs.

The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that the attacker must have access to input filtered html that will be included on the modules administration page e.g. in a block (this configuration is not common). Further, the Module Filter vertical tabs setting must be enabled.

Solution: Install the latest version:

If you use the Module Filter module for Drupal 7.x, upgrade to Module Filter 7.x-2.2

https://www.drupal.org/project/module_filter/releases/7.x-2.2

Release notes: This release adds better handling of plain text.

Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042

https://www.drupal.org/project/module_filter/releases/7.x-2.1

Release notes: Changes since 7.x-2.0:

2437439 by mikhail.krainiuk, greenSkin, jayhawkfan75: Module Filter does not care about anchors in permission links

2866236 by Munavijayalakshmi, dhruveshdtripathi: Typo error in README.TXT file

2247031 by brylie, aubjr_drupal, neorg, purvas12, steinmb: Modules list hidden until scrolling to end of categories sidebar

2769939 by iryston: Nonexistent file source in module_filter.info

2825722 by shailesh.bhosale, vidit.anjaria: Help link not aligned correctly

2457807 by felribeiro, greenSkin: Module Filter not showing dependencies

Changelog updates.

2452067 by Madis: Option to show description expanded as default not working

2580791 by makbul_khan8: Coding standards and few function without help comments

2153697 by annya: Disabling option "Number of enabled modules" breaks tabs functionality

1710230 by willvincent: On | Off buttons do not change state with jquery_update module active

Improved logic for version showing within own column or within description column. Let the entire td.description element be clickable. Added option to show description as expanded by default. Improved description field so when it is open, interacting with its contents does not make it collapse. Placed collapsed/expanded images inside of module for easier, more reliable access. Added option to place version back in own column.

2113191 by joelpittet: Category tabs not working

Ref: GOVCMSD7-189