Cross-Site Scripting (XSS) Vulnerability in Smart Breadcrumb Module for Drupal
CVE-2012-2705 · LOW Severity
AV:N/AC:H/AU:S/C:N/I:P/A:N
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.
Learn more about our User Device Pen Test.