Lack of HTML Escaping

Module: forms

Published: April 11th, 2017

Reported by: Jordan Harband

CVE-NONE

CWE-80

Vulnerable: <1.3.0
Patched: >=1.3.0

Overview

Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting.

Remediation

Update to version 1.3.0 or later.

References

Commit #bc01e53