CVE-2012-1632
https://notcve.org/view.php?id=CVE-2012-1632
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en password_policy.admin.inc en el módulo Password Policy anteriores a v6.x-1.4 y v7.x-1.0 beta3 para Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro name. • http://drupal.org/node/1401678 http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6 http://secunia.com/advisories/47541 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •