CVE-2015-7878

Name of the Vulnerable Software and Affected Versions Drupal Taxonomy Find module versions 6.x-1.2 through 6.x-2.x Drupal Taxonomy Find module versions 7.x-1.0 through 7.x-2.x

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.

Recommendations For versions 6.x-1.2 through 6.x-2.x, update to a version outside of this range to resolve the issue. For versions 7.x-1.0 through 7.x-2.x, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to taxonomy vocabulary and term name editing to minimize the risk of exploitation.