Arbitrary Script Injection in Video Filter Module for Drupal

Arbitrary Script Injection in Video Filter Module for Drupal

CVE-2012-1634 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.

Learn more about our Web App Pen Testing.