CVE-2015-5489

Name of the Vulnerable Software and Affected Versions Drupal Smart Trim module versions 7.x-1.x before 7.x-1.5

Description A cross-site scripting (XSS) issue exists in the Smart Trim module for Drupal, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML through vectors related to the field settings form.

Recommendations For versions prior to 7.x-1.5, update the Smart Trim module to version 7.x-1.5 or later to resolve the issue.