5 matches found
Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043
This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
Drupal Tagify 安全漏洞
Drupal Tagify is a Drupal module from the Drupal community that integrates the Tagify JavaScript library. Versions of Drupal Tagify prior to 1.2.49 contained a security vulnerability, which was caused by improper input handling and could lead to cross-site scripting attacks...
Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121
This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...
Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051
This module provides a widget to transform entity reference fields into a more user-friendly tags input component with a great performance. The module doesn't sufficiently check access for the add operation. Users with permission to edit content can view and reference unpublished terms. The edit...