Drupal · Tagify · CVE-2026-3212
**Name of the Vulnerable Software and Affected Versions**
Drupal Tagify versions prior to 1.2.49
**Description**
The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary JavaScript code in a user's browser when content is created or edited. The issue stems from insufficient input neutralization during web page generation, leading to a Cross-Site Scripting (XSS) condition.
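The class of flaw described above, shown as an added illustration that is not the Tagify module's own code: a tag label interpolated into a JavaScript template string, first without and then with output escaping. The function names, markup and sample labels are all constructed for this example.

```javascript
// Added illustration; not code from the Drupal Tagify module.
// All names, markup and sample labels below are constructed for this example.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralize characters that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the label reaches the markup as-is, in an attribute and in text.
function renderTagUnsafe(tag) {
  return `<tag title="${tag.label}" class="tag"><span class="tag-text">${tag.label}</span></tag>`;
}

// "After": the same template with the label escaped once, used in both contexts.
function renderTagSafe(tag) {
  const label = escapeHtml(tag.label);
  return `<tag title="${label}" class="tag"><span class="tag-text">${label}</span></tag>`;
}

// The fixed template contains exactly 4 '<' and 6 '"'. Any other count means
// the label changed the markup structure instead of staying data.
function structureIntact(html) {
  const count = (ch) => html.split(ch).length - 1;
  return count('<') === 4 && count('"') === 6;
}

// Constructed labels: plain text, an element, and an attribute breakout.
const SAMPLE_TAGS = [
  { label: 'Security & Privacy' },
  { label: '<img src=x onerror=console.log(1)>' },
  { label: '" onmouseover="console.log(1)' },
];

// Render every label both ways and report whether the structure survived.
function auditTemplates(tags) {
  return tags.map((tag) => ({
    label: tag.label,
    unsafeIntact: structureIntact(renderTagUnsafe(tag)),
    safeIntact: structureIntact(renderTagSafe(tag)),
  }));
}

console.table(auditTemplates(SAMPLE_TAGS));
```

The same structural check can serve as a regression test for any custom widget template that renders user-supplied labels.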
**Recommendations**
Update Drupal Tagify to version 1.2.49 or later.