CVE-2026-3212

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.49

Description The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary JavaScript code in a user's browser when content is created or edited. The issue stems from insufficient input neutralization during web page generation, leading to a Cross-Site Scripting (XSS) condition.

Recommendations Update Drupal Tagify to version 1.2.49 or later.