Boolean Field - Less Critical - Cross Site Scripting
Project
Date
Severity
Less Critical
Affected versions
<7.x-1.2
The Boolean module fails to sanitize admin-configured prefix and suffix strings before rendering them in the field formatter, allowing a user with field administration privileges to inject arbitrary HTML or JavaScript that executes in the browser of any visitor viewing content with that field.