All Regular Labs extensions with editor buttons, versions before 7 September 2018, cross site scripting (XSS):-

- Articles Anywhere
- Conditional Content
- Dummy Content
- Modals
- Modules Anywhere
- Sliders
- Snippets
- Tabs
- Tooltips

The editor button popup urls could potentially be used for cross site scripting (triggering custom javascript via the url). That is now fixed.

update notice: https://www.regularlabs.com/component/content/article/1281-security-fix-7-sep-2018

Versions numbers affected

Articles Anywhere: 8.2.0 and previous, resolution update to 8.2.1

Conditional content: 2.2.2 and previous, resolution update to 2.3.0

Dummy content: 5.1.1 and previous, resolution update to 5.1.2

Modals: 9.13.0 and previous, resolution update to 9.13.1

Modules Anywhere: 7.5.0 and previous, resolution update to 7.5.1

Sliders: 7.6.1 and previous, resolution update to 7.6.2

Snippets: 6.4.0 and previous, resolution update to 6.4.1

Tabs: 7.4.1 and previous, resolution update to 7.4.2

Tooltips: 7.2.1 and previous, resolution update to 7.2.2