CVE-2012-2725

Name of the Vulnerable Software and Affected Versions Drupal Authoring HTML module versions 6.x-1.x before 6.x-1.1

Description The issue allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks due to improper validation of sources with the host white list in the Authoring HTML module.

Recommendations For versions prior to 6.x-1.1, update to version 6.x-1.1 or later to resolve the issue.