Cross-Site Scripting Vulnerability in Drupal Tagify Plugin
CVE-2026-11908
Currently unrated
What is CVE-2026-11908?
The vulnerability in the Drupal Tagify plugin allows for the improper neutralization of input during web page generation. This leads to a Stored Cross-Site Scripting (XSS) risk, where an attacker can inject malicious scripts into web applications viewed by other users. The flaw resides in Tagify versions ranging from 0.0.0 to 1.2.52, making it essential for users to keep their installations updated to mitigate this issue.
Affected Version(s)
Tagify 0.0.0 < 1.2.52
