CVE-2012-2710

Drupal Zen <6.x-1.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

References (5)

[Patch, Vendor Advisory] http://drupal.org/node/1585960

[Patch] http://drupal.org/node/628480

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75711

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53573

[Mailing List] http://www.openwall.com/lists/oss-security/2012/06/14/3

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status published

Affected Products (6)

john_albin/zen

john_albin/zen

john_albin/zen

john_albin/zen

john_albin/zen

n/a/n/a

Timeline

Published Jun 27, 2012

Tracked Since Feb 18, 2026