Justin_Kleinkeane

**Name of the Vulnerable Software and Affected Versions** Drupal Workflow module versions prior to 5.x-2.4 Drupal Workflow module versions prior to 6.x-1.2 **Description** The issue allows remote authenticated users with administer workflow privileges to inject arbitrary web script or HTML via the name of a workflow or workflow state. **Recommendations** For versions prior to 5.x-2.4, update to version 5.x-2.4 or later. For versions prior to 6.x-1.2, update to version 6.x-1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Taxonomy manager versions 5.x before 5.x-1.2 **Description** A cross-site scripting (XSS) issue exists in the term data detail page of the Taxonomy manager module for Drupal. This allows remote authenticated users with specific privileges to inject arbitrary web script or HTML via the "Parent and related terms" field. **Recommendations** For Taxonomy manager versions 5.x before 5.x-1.2, update to version 5.x-1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Brilliant Gallery versions prior to 5.x-4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. **Recommendations** For versions prior to 5.x-4.2, update to version 5.x-4.2 or later to resolve the issue.