Cross-Site Scripting (XSS) Vulnerability in Smart Breadcrumb Module for Drupal

Cross-Site Scripting (XSS) Vulnerability in Smart Breadcrumb Module for Drupal

CVE-2012-2705 · LOW Severity

AV:N/AC:H/AU:S/C:N/I:P/A:N

The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.

Learn more about our User Device Pen Test.