Skip to main content

Tagify

3 CVEs product

Monthly

CVE-2026-11908 PHP MEDIUM PATCH This Month

Stored cross-site scripting in the Drupal Tagify contributed module allows low-privileged authenticated users to inject persistent malicious scripts that execute in the browsers of subsequent page visitors, including administrators. All Tagify module versions prior to 1.2.52 are affected. No public exploit code has been identified and EPSS sits at the 6th percentile, but the stored nature of the XSS elevates impact relative to reflected variants since payloads persist across all future viewers of the poisoned content.

XSS Tagify
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-13983 PHP MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44. [CVSS 5.4 MEDIUM]

Drupal XSS Tagify
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-25854 npm MEDIUM POC PATCH This Month

This affects the package @yaireo/tagify before 4.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tagify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting in the Drupal Tagify contributed module allows low-privileged authenticated users to inject persistent malicious scripts that execute in the browsers of subsequent page visitors, including administrators. All Tagify module versions prior to 1.2.52 are affected. No public exploit code has been identified and EPSS sits at the 6th percentile, but the stored nature of the XSS elevates impact relative to reflected variants since payloads persist across all future viewers of the poisoned content.

XSS Tagify
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44. [CVSS 5.4 MEDIUM]

Drupal XSS Tagify
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

This affects the package @yaireo/tagify before 4.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tagify
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy