CVE-2015-7980

Name of the Vulnerable Software and Affected Versions Compass Rose module versions 6.x-1.x before 6.x-1.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is related to embedding a JavaScript library from an external source that was not reliable.

Recommendations For Compass Rose module versions 6.x-1.x before 6.x-1.1, update to version 6.x-1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Compass Rose module until a patch is applied.