CVE Reference: CVE-2012-1652

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-1652

Description:
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/73611

SAID
  Secunia Advisory: SA48235

OSVDB
  79683

MLIST
  http://www.openwall.com/lists/oss-security/2012/04/07/1

CONFIRM
  http://drupal.org/node/1461318
  http://drupal.org/node/1461724
  http://drupalcode.org/project/hierarchical_select.git/commit/be32dceb17d25553e474c295a8c3db69eab95cee

BID
  52228


Return to the previous page.