CVE-2012-2310
https://notcve.org/view.php?id=CVE-2012-2310
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo cctags para Drupal v6.x-1.x antes de v6.x-1.10 y v7.x 1.x antes v7.x-1.10 permite a usuarios remotos autenticados con ciertos roles, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1508098 http://drupal.org/node/1508100 http://drupal.org/node/1558248 http://secunia.com/advisories/49018 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •