Lucene search

SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)

🗓️ 16 May 2012 00:00:00Reported by Drupal Security TeamType

Smart Breadcrumb module in Drupal versions prior to 6.x-1.3 allows Cross Site Scripting (XSS) due to improper text filtering in filter_titles() function. Attacker must have node creation/edit permission to exploit

Reporter	Title	Published	Views	Family All 4
Prion	Cross site scripting	27 Jun 201200:55	–	prion
Cvelist	CVE-2012-2705	27 Jun 201200:00	–	cvelist
CVE	CVE-2012-2705	27 Jun 201200:55	–	cve
NVD	CVE-2012-2705	27 Jun 201200:55	–	nvd

Source	Link
drupal	www.drupal.org/node/1568216
drupal	www.drupal.org/project/smart_breadcrumb
drupal	www.drupal.org/user/489334
drupal	www.drupal.org/user/102818
drupal	www.drupal.org/security-team/risk-levels
drupal	www.drupal.org/writing-secure-code
drupal	www.drupal.org/user/82971
drupal	www.drupal.org/security/secure-configuration
drupal	www.drupal.org/contact
drupal	www.drupal.org/security-team

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2012 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS22.1

EPSS0.002