Ayesh

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 6.x-1.6 Drupal versions 6.x-2.x prior to 6.x-2.8 Drupal versions 7.x-1.x prior to 7.x-1.2 **Description** The issue allows remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors. This is due to multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module. **Recommendations** For versions prior to 6.x-1.6, update to version 6.x-1.6 or later. For versions 6.x-2.x prior to 6.x-2.8, update to version 6.x-2.8 or later. For versions 7.x-1.x prior to 7.x-1.2, update to version 7.x-1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 6.x-1.6 Drupal versions 6.x-2.x prior to 6.x-2.8 Drupal versions 7.x-1.x prior to 7.x-1.2 **Description** A cross-site request forgery (CSRF) issue exists in the Registration codes module, allowing remote attackers to hijack the authentication of administrators for requests that delete role-rules. **Recommendations** For versions prior to 6.x-1.6, update to version 6.x-1.6 or later. For versions 6.x-2.x prior to 6.x-2.8, update to version 6.x-2.8 or later. For versions 7.x-1.x prior to 7.x-1.2, update to version 7.x-1.2 or later.