EUVD-2012-2685

Malware in sbrugna...

CVE-2012-2705

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

Cross site scripting

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

CVE-2012-2705

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

CVE-2012-2705

The CVE-2012-2705 entry concerns the Drupal Smart Breadcrumb module (6.x-1.x) prior to 6.x-1.3. The root cause is that filter_titles() fails to properly filter user-supplied titles to plain-text, enabling cross-site scripting (XSS) by remote authenticated users who have create or edit node permis...

SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)

CVE: CVE-2012-2705. The function filtertitles incorrectly attempts to set a title to plain-text, but does not properly filter user supplied text. This vulnerability is mitigated by the fact that an attacker must have the permission to create or edit a node to exploit the issue. Versions affected...