PT-2012-4196 · Drupal · Smart Breadcrumb

Published: 2012-06-27 · Updated: 2017-08-29 · CVE-2012-2705

CVSS v2.0: 2.1 (Low)

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Smart Breadcrumb module versions 6.x-1.x before 6.x-1.3

Description

The issue concerns the filter titles function, which does not properly convert a title to plain-text. This allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter.

Recommendations

For Smart Breadcrumb module versions 6.x-1.x before 6.x-1.3, update to version 6.x-1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the filter titles function or limiting the ability to create or edit nodes to trusted users until the update can be applied.

Fix

RCE

Related Identifiers

CVE-2012-2705

Affected Products

Smart Breadcrumb