Arbitrary Code Injection through Image File Name in Imagemenu Module for Drupal
CVE-2012-6583 · LOW Severity
AV:N/AC:H/AU:S/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.
Learn more about our Web App Pen Testing.