CVE-2012-2068

Multiple cross-site scripting XSS vulnerabilities in fancyslide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancyslide permission to inject arbitrary web script or HTML via the 1 nodetitle or 2 nodequeuetitle parameter...

CVE-2012-2068

The Drupal Fancy Slide module (6.x, prior to 6.x-2.7) is affected by XSS in fancy_slide.module. The issue arises from insufficient filtering of user-supplied text in node_title and nodequeue_title parameters, exploitable by remote authenticated users with the administer fancy_slide permission. Im...