David Galeano

**Name of the Vulnerable Software and Affected Versions** Drupal Tagify versions prior to 1.2.49 **Description** The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary JavaScript code in a user's browser when content is created or edited. The issue stems from insufficient input neutralization during web page generation, leading to a Cross-Site Scripting (XSS) condition. **Recommendations** Update Drupal Tagify to version 1.2.49 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Tagify versions prior to 1.2.44 **Description** A flaw exists in Drupal Tagify that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow attackers to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Drupal Tagify to version 1.2.44 or later.