CVE-2012-2339

https://notcve.org/view.php?id=CVE-2012-2339

Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Glosario ("Glossary") 6.x-1.x anteriores a la 6.x-1.8 de Drupal. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar relacionados con información de taxonomías. • http://drupal.org/node/1568156 http://drupal.org/node/1569482 http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac http://secunia.com/advisories/49074 http://www.openwall.com/lists/oss-security/2012/05/10/6 http://www.openwall.com/lists/oss-security/2012/05/11/2 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.openwall.com/lists/oss-security/2012/06/15/6 http://www.securityfocus.com/bid/53440 https://exchange.xforce.ibmcloud. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •