Link - Moderately critical - Cross Site Scripting - SA-CORE-2025-004

Project

Link

Date

May 07, 2025

Severity

Moderately Critical

Risk Score

13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default

Vulnerability

Cross Site Scripting

Affected versions

< 7.x-1.13

Description

This release is a backport of SA-CORE-2025-004 in 7.x-1.13, with the addition of a hook_update to register the new sanitization PHP class in Drupal 7's class registry.

Solution

Install the latest version: 7.x-1.14.

If you use the PROJECT_NAME module for Drupal 7, upgrade to PROJECT_NAME 7.x-A.B:

link-7.x-1.14.tar.gz
link-7.x-1.14.zip

Reported by

Samuel Mortenson (samuel.mortenson)

Fixed by

Drupal Security Team
Tag1 D7ES

Coordinated by

Drupal Security Team
Tag1 D7ES