CVE-2015-3359

Name of the Vulnerable Software and Affected Versions Drupal Room Reservations module versions prior to 7.x-1.1

Description The issue allows remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML. This can be achieved via the node title of a "Room Reservations Category" or the body of a "Room Reservations Room" node.

Recommendations For versions prior to 7.x-1.1, update to version 7.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting the "Administer the room reservations system" permission to minimize the risk of exploitation. Avoid using the node title of a "Room Reservations Category" or the body of a "Room Reservations Room" node for malicious input until the issue is resolved.