Arbitrary Script Injection Vulnerability in Custom Publishing Options Module for Drupal
CVE-2012-4496 · LOW Severity
AV:N/AC:H/AU:S/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.
Learn more about our Web App Pen Testing.