The Better Exposed Filters module gives site builders more choices for rendering Views' exposed form elements.
The module does not sufficiently sanitize taxonomy term descriptions when the "Include the term description" option is selected.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer taxonomy".
Install the latest version:
- If you use the Better Exposed Filters module for Backdrop 1.x, upgrade to Better Exposed Filters 1.x-3.4.0 or greater.
- Henri Medot (anrikun) for Drupal