CVE-2012-1648

Name of the Vulnerable Software and Affected Versions Drupal Cool Aid module versions prior to 6.x-1.9

Description The issue allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS).

Recommendations For versions prior to 6.x-1.9, update to version 6.x-1.9 or later to resolve the issue.