CVE-2012-5558

CVE-2012-5558 affects Drupal contributed modules Smiley (6.x-1.x before 6.x-1.1) and Smileys (6.x-1.x before 6.x-1.1). Root cause: these modules do not sufficiently sanitize user-defined smiley acronyms, enabling XSS when an attacker with the administer smiley permission injects arbitrary script/...

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

These modules enable you to substitutes text emoticons, like :-, with images. These modules don't sufficiently sanitize user defined smiley acronyms before displaying smiley images. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...