CVE-2013-5964

Name of the Vulnerable Software and Affected Versions Flag module versions 7.x-3.x before 7.x-3.1

Description A cross-site scripting (XSS) issue exists in the administration page of the Flag module for Drupal, allowing remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.

Recommendations For Flag module versions 7.x-3.x before 7.x-3.1, update to version 7.x-3.1 or later to resolve the issue.