CVE-2012-4485

Name of the Vulnerable Software and Affected Versions Gallery formatter module versions prior to 7.x-1.2

Description The issue allows remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the title or alt parameter in the galleryformatter field formatter view function.

Recommendations For versions prior to 7.x-1.2, update to version 7.x-1.2 or later to resolve the issue.