Security Fix: 7 September 2018

On 7 September 2018, a security fix was implemented in all Regular Labs extensions that come with an editor button.

  • Articles Anywhere v8.2.1
  • Conditional Content v2.3.0
  • Dummy Content v5.1.2
  • Modals v9.13.1
  • Modules Anywhere v7.5.1
  • Sliders v7.6.2
  • Snippets v6.4.1
  • Tabs v7.4.2
  • Tooltips v7.2.2

The editor button popup urls could potentially be used for cross site scripting (triggering custom javascript via the url). 

Please note that, in any case, the editor button popups are only accessible to admins and users with content create permissions. So not to everyone.

If you haven't already, make sure you keep all your extensions up-to-date.