| Topic: | Cross-site scripting vulnerability in tag autocomplete |
| Severity: | Major |
| Versions affected: | <1.9.11 and <2.0.2 |
| Reported by: | gose |
| Issue no.: | MDL-25754 |
| Solution: | Upgrade to latest version |
| Workaround: | Delete /tag/tag_autocomplete.php file |
Description:
Missing tag validation could allow an attacker to conduct a cross-site scripting attack.