Arbitrary Code Injection through Image File Name in Imagemenu Module for Drupal

Arbitrary Code Injection through Image File Name in Imagemenu Module for Drupal

CVE-2012-6583 · LOW Severity

AV:N/AC:H/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.

Learn more about our Web App Pen Testing.