CVE-2026-3212

Source
https://cve.org/CVERecord?id=CVE-2026-3212
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3212.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3212
Aliases
Published
2026-03-25T15:22:11.601Z
Modified
2026-07-08T08:12:26.769868538Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Details

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.49.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3212.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "drupal"
}
References

Affected packages

Git / git.drupalcode.org/project/tagify

Affected ranges

Type
GIT
Repo
https://git.drupalcode.org/project/tagify
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
77454aa403af43ad7643ecea19f40b4b983683e2
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:factorial:tagify:*:*:*:*:*:drupal:*:*",
    "extracted_events": [
        {
            "introduced": "0.0.0"
        },
        {
            "fixed": "1.2.49"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

1.*
1.0.0-beta1
1.0.1-beta1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.2-beta1
1.0.20
1.0.21
1.0.22
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.21
1.1.23
1.1.24
1.2.0
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.2
1.2.20
1.2.21
1.2.22
1.2.23
1.2.25
1.2.26
1.2.27
1.2.28
1.2.29
1.2.3
1.2.30
1.2.31
1.2.32
1.2.33
1.2.34
1.2.35
1.2.36
1.2.37
1.2.38
1.2.39
1.2.4
1.2.40
1.2.41
1.2.42
1.2.43
1.2.44
1.2.45
1.2.46
1.2.47
1.2.48
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3212.json"