CVE-2016-1565

Name of the Vulnerable Software and Affected Versions Drupal Field Group module version 7.x-1.x before 7.x-1.5

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute.

Recommendations For versions prior to 7.x-1.5, update to version 7.x-1.5 or later to resolve the issue.