CVE-2015-4359

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 6.x-1.6 Drupal versions 6.x-2.x prior to 6.x-2.8 Drupal versions 7.x-1.x prior to 7.x-1.2

Description The issue allows remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors. This is due to multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module.

Recommendations For versions prior to 6.x-1.6, update to version 6.x-1.6 or later. For versions 6.x-2.x prior to 6.x-2.8, update to version 6.x-2.8 or later. For versions 7.x-1.x prior to 7.x-1.2, update to version 7.x-1.2 or later.