MidnightBSD

Advisories for christopher_mitchell

CVE-2012-2705 LOW

The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
christopher_mitchell smart_breadcrumb 6.x-1.0
christopher_mitchell smart_breadcrumb 6.x-1.x
christopher_mitchell smart_breadcrumb 6.x-1.1
christopher_mitchell smart_breadcrumb 6.x-1.2