This module provides a site with the ability to display currency exchange rates. The module does not sanitize some of the user-supplied data before logging it to the watchdog, leading to a cross-site scripting (XSS) vulnerability.
Drupal core is not affected. If you do not use the contributed Currency Exchange module, there is nothing you need to do.
Install the latest version: upgrade to Currency Exchange 6.x-1.2.
See also the Currency Exchange module project page.
mr.baileys and kbahey one of the moduleβs maintainers.