CVE-2012-1060

https://notcve.org/view.php?id=CVE-2012-1060

Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en revisioning_theme.inc en el módulo Taxonomy en el módulo Revisioning v6.x-3.13 y otras versiones anteriores a v6.x-3.14 para Drupal permite a usuarios autenticados de forma remota tener ciertos privilegios para inyectar código web script o HTML a través de (1)tags o (2) parámetros term. • http://drupal.org/node/1431114 http://drupal.org/node/1433550 http://drupalcode.org/project/revisioning.git/commit/768c882 http://secunia.com/advisories/47931 http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability http://www.securityfocus.com/bid/51923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •