The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-06-26 17:55
Updated : 2017-08-28 18:31
NVD link : CVE-2012-2705
Mitre link : CVE-2012-2705
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
drupal
- drupal
christopher_mitchell
- smart_breadcrumb