CVE-2012-6583

Cross-site scripting XSS vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name...

CVE-2012-6583

Cross-site scripting XSS vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name...

CVE-2012-6583

The CVE-2012-6583 entry concerns the Drupal Imagemenu module (6.x-1.x) prior to 6.x-1.4. Affected component is the image file name rendering, which does not escape properly, enabling XSS when a user with the administer imagemenu permission accesses menus built from images. The vulnerability’s imp...

SA-CONTRIB-2012-145 - Imagemenu - Cross Site Scripting (XSS)

Imagemenu module allows you to create Drupal menus from images files. The module doesn't sufficiently escape image file names when rendering menus, allowing a potential XSS attack. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...