CVE-2012-1640

The Drupal Managesite module (6.x-1.x) is affected by XSS in the title field when adding or updating a category, exploitable by remote-authenticated users with the admin’s managesite permission. Affected versions are prior to 6.x-1.1; upgrade to Managesite 6.x-1.1 to remediate. The issue is mitig...

SA-CONTRIB-2012-015 - Managesite - Cross Site Scripting (XSS)

CVE: CVE-2012-1640 This module provides a way to build a control panel similar to the one provided by Drupal 7 on the admin zone /admin. The module doesn't sufficiently filter user supplied text in the administration settings. This vulnerability is mitigated by the fact that an attacker must have...