Evans

**Name of the Vulnerable Software and Affected Versions** Compass Rose module versions 6.x-1.x before 6.x-1.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is related to embedding a JavaScript library from an external source that was not reliable. **Recommendations** For Compass Rose module versions 6.x-1.x before 6.x-1.1, update to version 6.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Compass Rose module until a patch is applied.