SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
This module enables you to create blocks of nodes carrying a given taxonomy term. The module doesn't sufficiently escape term names in the blocks it builds leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...