CVE-2014-3933

Name of the Vulnerable Software and Affected Versions AddressField Tokens module versions 7.x-1.x before 7.x-1.4

Description The issue is related to a cross-site scripting (XSS) vulnerability in the address components field formatter. This allows remote authenticated users to inject arbitrary web script or HTML via an address field.

Recommendations For AddressField Tokens module versions 7.x-1.x before 7.x-1.4, update to version 7.x-1.4 or later to resolve the issue.