CVE-2012-2298
The CVE-2012-2298 issue concerns vulnerabilities in the Drupal RealName module (6.x-1.x) prior to 6.x-1.5. The root cause is inadequate escaping of user-provided data, enabling remote attackers to inject arbitrary script/HTML via two vectors: (1) user names in page titles and (2) autocomplete cal...