Unknown · Html-Scrubber · CVE-2015-5667
**Name of the Vulnerable Software and Affected Versions**
HTML-Scrubber module versions prior to 0.15
**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. When the comment feature is enabled, remote attackers can inject arbitrary web script or HTML via a crafted comment.
**Recommendations**
For versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, consider disabling the comment feature until a patch is available.