CVE-2012-4496

Inclind Custom Pub - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter.

References (7)

Scores

EPSS 0.0034
EPSS Percentile 56.0%

Details

CWE
CWE-79
Status published
Products (7)
inclind/custom_pub
inclind/custom_pub
inclind/custom_pub
inclind/custom_pub
inclind/custom_pub
inclind/custom_pub
n/a/n/a
Published Oct 31, 2012
Tracked Since Feb 18, 2026