Arbitrary Script Injection Vulnerability in Custom Publishing Options Module for Drupal

Arbitrary Script Injection Vulnerability in Custom Publishing Options Module for Drupal

CVE-2012-4496 · LOW Severity

AV:N/AC:H/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.

Learn more about our Web App Pen Testing.