CVE-2012-2710

low

Published 2012-06-27 · Modified 2026-04-29

CVSS v3

—

CVSS v2

2.6

VIR risk

2.6

Description

Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/628480

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1585960

Application impact

Vendor	Product	Versions
john_albin	zen	`6.x-1.0`
john_albin	zen	`6.x-1.0beta1`
john_albin	zen	`6.x-1.x`
drupal	drupal	`-`

References

http://drupal.org/node/1585960
http://drupal.org/node/628480
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.securityfocus.com/bid/53573
https://exchange.xforce.ibmcloud.com/vulnerabilities/75711
http://drupal.org/node/1585960
http://drupal.org/node/628480
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.securityfocus.com/bid/53573
https://exchange.xforce.ibmcloud.com/vulnerabilities/75711

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.