Vulnerabilities

CVE-2012-4485

by Fred · 31/10/2012

Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.

Date published : 2012-10-31

http://www.securityfocus.com/bid/54674

http://drupal.org/node/1699744

Related

Tags: Cybersecurity Alert